Micah Anderson
2005-Mar-23 07:23 UTC
[Secure-testing-commits] r622 - in sarge-checks: CAN DSA
Author: micah Date: 2005-03-23 08:23:49 +0100 (Wed, 23 Mar 2005) New Revision: 622 Modified: sarge-checks/CAN/list sarge-checks/DSA/list Log: Fixed a typo in DSA/list 2004-0176 Added note to CAN-2005-0210 Added fixed version to 2005-0204 Added fixed version to CAN-2005-0202 Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-23 00:14:43 UTC (rev 621) +++ sarge-checks/CAN/list 2005-03-23 07:23:49 UTC (rev 622) @@ -2296,6 +2296,7 @@ CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...) NOTE: fixed in ubuntu kernels NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant + NOTE: was bug#300838 - kernel-source-2.6.8 2.6.8-15 - kernel-source-2.4.27 2.4.27-9 CAN-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...) @@ -2320,12 +2321,11 @@ CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) NOTE: according to the CAN it is fixed in 2.6.10, but NOTE: looking at the source it is not so clear, noting this - NOTE: in the bug report - - kernel-source-2.4.27 (unfixed; bug #296700) + NOTE: was bug #296700 + - kernel-source-2.4.27 2.4.27-9 - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.11 2.6.11-1 - kernel-image-2.6.8-ia64 2.6.8-13 - - kernel-source-2.6.9 (unfixed; bug #296700) - - kernel-source-2.6.10 (unfixed; bug #296700) CAN-2005-0203 NOTE: reserved CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...) 
@@ -3263,7 +3263,8 @@ NOTE: 2.4.27 is ok, 2.6.8 is vulnerable, 2.6.10 is ok NOTE: http://xforce.iss.net/xforce/xfdb/18137 NOTE: 2.6.8 needs this patch: http://linux.bkbits.net:8080/linux-2.6/patch@1.1938.197.15?nav=cset@1.1938.197.15 - - kernel-source-2.6.8 (unfixed; bug #300163) + NOTE: was bug #300163 + kernel-source-2.6.8 2.6.8-14 CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c NOTE: has a misleading entry titled "Fix exploitable hole" Modified: sarge-checks/DSA/list ==================================================================--- sarge-checks/DSA/list 2005-03-23 00:14:43 UTC (rev 621) +++ sarge-checks/DSA/list 2005-03-23 07:23:49 UTC (rev 622) @@ -674,7 +674,7 @@ {CAN-2004-0522} - gallery 1.4.3-pl2-1 [30 May 2004] DSA-511 ethereal - buffer overflows - {CAN-2004-0176 + {CAN-2004-0176} - ethereal 0.10.3-1 [29 May 2004] DSA-510 jftpgw - format string {CAN-2004-0448}
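Review bot: In sarge-checks/CAN/list, hunk @@ -2296,6 +2296,7 @@ (CAN-2005-0210), the added note is written "bug#300838" with no space, while the two other notes added in this commit use "bug #296700" and "bug #300163". Suggest "NOTE: was bug #300838" so that a search for "bug #" finds every reference. The unchanged NOTE just above it also spells "apparantly", which could be corrected in the same pass.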
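Review bot: In sarge-checks/CAN/list, hunk @@ -2320,12 +2321,11 @@ (CAN-2005-0204), removing "NOTE: in the bug report" leaves the preceding line ending in "noting this", which no longer reads as a complete sentence next to the new "NOTE: was bug #296700". Either trim the ", noting this" tail from that line or keep the continuation. The same hunk deletes the kernel-source-2.6.9 and kernel-source-2.6.10 entries that were marked "(unfixed; bug #296700)" without giving them a fixed version, and the log only says "Added fixed version to 2005-0204"; a NOTE or a log line saying why those two packages no longer need tracking would keep the record auditable.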
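Review bot: In sarge-checks/CAN/list, hunk @@ -3263,7 +3263,8 @@, the added line "kernel-source-2.6.8 2.6.8-14" is missing the leading "- " that every other package entry in this file carries, including the line it replaces and the "- kernel-source-2.6.11 2.6.11-1" line added in the previous hunk. Anything that reads package lines by that prefix will skip the entry, so the fix would not be recorded for the issue; suggest "- kernel-source-2.6.8 2.6.8-14". Also, the log says "Added fixed version to CAN-2005-0202", but in the diff as shown CAN-2005-0202 appears only as unchanged context at the end of the previous hunk, and this hunk sits directly above CAN-2004-1190, so the log entry should name the CAN that was actually changed here.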