Author: micah
Date: 2005-10-07 13:06:08 +0000 (Fri, 07 Oct 2005)
New Revision: 2343
Modified:
data/CAN/list
Log:
Finished cross-referencing kernel CAN numbers
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-10-07 12:25:32 UTC (rev 2342)
+++ data/CAN/list 2005-10-07 13:06:08 UTC (rev 2343)
@@ -153,12 +153,13 @@
CAN-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in
Linux 2.6, ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
- - kernel-source-2.4.27 <unfixed>
NOTE: Reported directly to Horms
+ NOTE: 2.4.27 not applicable
CAN-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers
to ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
NOTE: Reported directly to Horms
+ TODO: 2.4.27 affected? Horms asking upstream:
http://lkml.org/lkml/2005/10/7/3/index.html
CAN-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local
users to ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
@@ -168,12 +169,11 @@
- kernel-source-2.6.8 2.6.8-16sarge1
NOTE: Reported directly to Horms
CAN-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory
mapping ...)
- - linux-2.6 <unfixed>
- kernel-source-2.6.8 2.6.8-16sarge1
NOTE: Reported directly to Horms
CAN-2005-3105 (The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64
Montecito ...)
- - linux-2.6 <unfixed>
- kernel-source-2.6.8 2.6.8-16sarge1
+ - kernel-source-2.4.27 <unfixed> (bug #332569; medium)
NOTE: Reported directly to Horms
CAN-2005-XXXX [horde3 maintainer scripts don''t set sufficiently strict
permissions on config files]
- horde3 <unfixed> (bug #332289)
@@ -397,11 +397,13 @@
- twiki 20040902-2 (bug #330733; high)
CAN-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a
denial ...)
- linux-2.6 <unfixed> (bug #330343; bug #330287; medium)
+ - kernel-source-2.6.8 <unfixed> (bug #332596)
CAN-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does
not ...)
- php4 <unfixed> (bug #353585; medium)
- php5 <unfixed> (bug #353585; medium)
CAN-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel
2.6.x ...)
- - linux-2.6 <unfixed> (bug #330343; bug #330353; medium)
+ - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
+ - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
CAN-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal
2.3.1 ...)
NOT-FOR-US: jportal
CAN-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA
allows ...)
@@ -804,8 +806,9 @@
{DSA-822-1}
- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CAN-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow
local ...)
- TODO: Pinged Horms for 2.4
- linux-2.6 2.6.12-7 (medium)
+ - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+ NOTE: code is vulnerable but there is no amd64 for 2.4 in Sarge
CAN-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and
...)
NOTE: proactively fixed by the robustness patch
- twiki 20040902-2
@@ -1232,6 +1235,8 @@
NOTE: of ipt_recent the best solution, which seems to occur soon
CAN-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
before ...)
- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
+ - kernel-source-2.4.27 2.4.27-10sarge1 (medium)
+ - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare
0.9.16.000 ...)
{DSA-798-1}
- phpgroupware 0.9.16.008-1 (unknown)
@@ -1950,7 +1955,8 @@
CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent
3.5.0 ...)
NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x
...)
- - kernel-source-2.4.27 <unfixed> (bug #323363; medium)
+ - kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium)
+ - kernel-source-2.4.27 2.4.27-12 (medium)
CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running
Integrated ...)
NOT-FOR-US: Integrated Light Out in HP servers
CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory
8.7.3 ...)
@@ -2093,6 +2099,7 @@
- python2.3 2.3.5-8 (medium)
CAN-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the
Linux ...)
- linux-2.6 2.6.12-7 (bug #327416; medium)
+ - kernel-source-2.6.8 2.6.8-16sarge2
CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
{DTSA-16-1}
- kernel-source-2.6.8 <unfixed> (bug #322339; medium)
@@ -2114,7 +2121,7 @@
CAN-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to
cause a ...)
{DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
- - kernel-image-2.6.8-i386 <unfixed> (bug #309308; low)
+ - kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
NOTE: 2.6.12-1 contained a partially broken fix
- linux-2.6 2.6.12-6 (bug #309308; low)
CAN-2005-XXXX [DoS by removal of default ACLs in ext2/ext3]
@@ -2171,7 +2178,9 @@
CAN-2005-2458 (inflate.c in the zlib routines in the Linux kernel before
2.6.12.5 ...)
{DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173; medium)
+ - kernel-source-2.6.8 2.6.8-16sarge1 (medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
+ - kernel-source-2.4.27 2.4.27-10sarge1
CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of
...)
NOT-FOR-US: Eudora
CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when
installed ...)
@@ -2316,7 +2325,9 @@
CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux
...)
{DTSA-16-1}
- linux-2.6 2.6.12-3 (medium)
- - kernel-source-2.4.27 2.4.27-11 (medium)
+ - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+ - kernel-source-2.4.27 2.4.27-12 (medium)
+ - kernel-source-2.4.27 2.4.27-10sarge2 (medium)
CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
{DTSA-16-1}
- linux-2.6 2.6.12-2 (bug #321401; medium)