Author: micah Date: 2005-07-29 04:38:01 +0000 (Fri, 29 Jul 2005) New Revision: 1483 Modified: data/CAN/list Log: More fixes in kernels Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-29 03:32:40 UTC (rev 1482) +++ data/CAN/list 2005-07-29 04:38:01 UTC (rev 1483) @@ -98,6 +98,7 @@ NOTE: not-for-us (FTGate) CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...) - kernel-patch-openmosix (unfixed; bug #319621; low) + NOTE: filed bug with ftp.debian.org for removal (#319817) CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...) NOTE: not-for-us (FTGate) CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...) @@ -2417,7 +2418,8 @@ CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) NOTE: not-for-us (RealPlayer) CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) - - kernel-source-2.6.8 (unfixed; unknown) + - kernel-source-2.6.8 2.6.8-17 + - kernel-source-2.6.8 2.6.8-16sarge1 - linux-2.6 2.6.12-1 (medium) NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12 CAN-2005-1764 [Unspecified DoS vulnerability on amd64] @@ -2428,11 +2430,16 @@ CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...) - linux-2.6 2.6.12-1 (medium) NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12 - - kernel-source-2.6.8 (unfixed; unknown) + - kernel-source-2.6.8 2.6.8-17 + - kernel-source-2.6.8 2.6.8-16sarge1 + - kernel-source-2.4.27 2.4.27-11 CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context] NOTE: reserved - linux-2.6 2.6.12-1 (medium) - kernel-source-2.6.11 2.6.11-6 (normal) + - kernel-source-2.6.8 2.6.8-17 + - kernel-source-2.6.8 2.6.8-16sarge1 + - kernel-source-2.4.27 2.4.27-11 CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOTE: not-for-us (sysreport) CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...) @@ -5867,6 +5874,7 @@ - kernel-source-2.4.27 2.4.27-11 - kernel-source-2.6.8 2.6.8-17 CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...) + - kernel-source.2.4.27 2.4.27-11 (medium) - kernel-source-2.6.8 2.6.8-17 (medium) - kernel-source-2.6.11 2.6.11-7 (medium) CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) @@ -9625,7 +9633,7 @@ NOTE: not-for-us (NetOp Host) CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) NOTE: fixed in 2.4.28, 2.6.9 - NOTE: check with kernel people + TODO: check with kernel people CAN-2004-0948 NOTE: rejected CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...) @@ -10805,6 +10813,7 @@ - cvs 1:1.12.9-1 CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) NOTE: fixed in 2.4.27-rc6 + TODO: does this mean we are ok? CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...) - cvs 1:1.12.9-1 CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)