Author: jmm-guest
Date: 2005-09-23 21:31:57 +0000 (Fri, 23 Sep 2005)
New Revision: 2137
Modified:
data/CAN/list
Log:
dug through dilingers and horms mails wrt the migration
of 2.6.8 kernel fixes to 2.6.12, added information accordingly.
I also removed some sarge DSA specific entries.
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-23 13:42:35 UTC (rev 2136)
+++ data/CAN/list 2005-09-23 21:31:57 UTC (rev 2137)
@@ -1305,8 +1305,6 @@
CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy
access to ...)
{DTSA-16-1}
- linux-2.6.12 2.6.12-6 (medium)
- - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
- - kernel-source-2.4.27 2.4.27-10sarge2 (medium)
- kernel-source-2.4.27 2.4.27-12 (medium)
CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the
pwd ...)
NOTE: not-for-us (rexecd)
@@ -2169,7 +2167,7 @@
CAN-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect
1.0.0a ...)
NOTE: not-for-us (PHPPageProtect)
CAN-2005-2331 (PHP remote file inclusion vulnerability in display.php in
MooseGallery ...)
- NOTE: not-for-us (MooseGallery)
+ NOTE: not-for-us (MooseGallery)
CAN-2005-2330 (Directory traversal vulnerability in update.php in osCommerce
2.2 ...)
NOTE: not-for-us (osCommerce)
CAN-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
3.5.0, ...)
@@ -4888,20 +4886,19 @@
NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
- kernel-source-2.6.8 2.6.8-17
- - kernel-source-2.6.8 2.6.8-16sarge1
- TODO: check if it''s fixed in linux-2.6
+ - linux-2.6 2.6.12-1
+ NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5)
CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
{DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
+ NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5)
- kernel-source-2.6.8 2.6.8-17
- - kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 2.4.27-11
CAN-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local
users ...)
{DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.11 2.6.11-6 (medium)
- kernel-source-2.6.8 2.6.8-17
- - kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 (unfixed; low)
CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
NOTE: not-for-us (sysreport)
@@ -6952,8 +6949,8 @@
- spamassassin 3.0.4-1 (bug #314447; medium)
CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to
create ...)
- kernel-source-2.6.8 2.6.8-17
+ - linux-2.6 2.6.12-1
CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the
wrong ...)
- - kernel-source-2.6.8 2.6.8-15sarge1
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.6.11 2.6.11-5
CAN-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel
2.x.x to ...)
@@ -8359,14 +8356,13 @@
CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- kernel-source-2.6.8 2.6.8-17
- - kernel-source-2.6.8 2.6.8-16sarge1
- TODO: check if it''s fixed in linux-2.6
+ - linux-2.6 2.6.12-1
CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
- kernel-source-2.4.27 2.4.27-11 (medium)
- kernel-source-2.6.8 2.6.8-17 (medium)
- - kernel-source-2.6.8 2.6.8-16sarge1 (medium)
- kernel-source-2.6.11 2.6.11-7 (medium)
- TODO: check if it''s fixed in linux-2.6
+ - linux-2.6 2.6.12-1 (medium)
+ NOTE: Commited to kernel 2.6 git on 2005-05-20, between .12-rc4 and .12-rc5
CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)
- helix-player 1.0.4-1
CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files
without ...)