Moritz Muehlenhoff
2005-Dec-14 20:48 UTC
[Secure-testing-commits] r3044 - in data: CVE DSA
Author: jmm-guest Date: 2005-12-14 20:47:57 +0000 (Wed, 14 Dec 2005) New Revision: 3044 Modified: data/CVE/list data/DSA/list Log: kernel DSAs are coming Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-14 20:33:42 UTC (rev 3043) +++ data/CVE/list 2005-12-14 20:47:57 UTC (rev 3044) @@ -2771,7 +2771,6 @@ - linux-2.6 2.6.13-1 (low) - kernel-source-2.4.27 2.4.27-11 (low) [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low) - [sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low) CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...) - linux-2.6 2.6.13-1 (low) [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low) @@ -4258,7 +4257,7 @@ - courier 0.47-8 (medium; bug #325631) CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...) - kernel-source-2.6.8 2.6.8-16sarge1 (medium) - - kernel-source-2.4.27 2.4.27-10sarge1 + TODO: When was this fixed in sid for 2.4? NOTE: this was fixed upstream in 2.6.11 (See bug #328395) NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) @@ -4269,7 +4268,6 @@ NOTE: of ipt_recent the best solution, which seems to occur soon CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...) - kernel-source-2.4.27 2.4.27-11 (bug #322237; medium) - [sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (medium) - kernel-source-2.6.8 2.6.8-16sarge2 (medium) CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...) {DSA-798-1} 
@@ -5001,8 +4999,7 @@ CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) NOT-FOR-US: Network Associated ePolicy Orchestrator Agent CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) - - kernel-source-2.4.27 2.4.27-10sarge1 (bug #323363; medium) - - kernel-source-2.4.27 2.4.27-12 (medium) + - kernel-source-2.4.27 2.4.27-12 (bug #323363; medium) CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) NOT-FOR-US: Integrated Light Out in HP servers CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...) @@ -5227,9 +5224,8 @@ CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...) {DTSA-16-1} - linux-2.6 2.6.12-3 (bug #323173; medium) - - kernel-source-2.6.8 2.6.8-16sarge1 (medium) + [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (medium) - kernel-source-2.4.27 2.4.27-12 (medium) - - kernel-source-2.4.27 2.4.27-10sarge1 CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Eudora CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-12-14 20:33:42 UTC (rev 3043) +++ data/DSA/list 2005-12-14 20:47:57 UTC (rev 3044) @@ -1,3 +1,7 @@ +[14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several + {CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801 CVE-2005-2872 CVE-2005-3275} + [sarge] - kernel-source-2.4.27 2.4.27-10sarge1 + NOTE: fixed in testing at time of DSA [13 Dec 2005] DSA-920-1 ethereal - buffer overflow {CVE-2005-3651} [woody] - ethereal 0.9.4-1woody14
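Review bot: In the data/CVE/list hunk at @@ -4258,7 +4257,7 @@, replacing the only kernel-source-2.4.27 line under CVE-2005-2801 with "TODO: When was this fixed in sid for 2.4?" leaves the entry with no package line for kernel-source-2.4.27 at all, so until the TODO is resolved the list no longer records that the 2.4 source package is affected. Keep a kernel-source-2.4.27 line without a fixed version next to the TODO so the package stays listed under this CVE, and fill in the version once it is known.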
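Review bot: In the data/CVE/list hunk at @@ -4269,7 +4268,6 @@, the CVE-2005-2872 entry loses its "[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (medium)" line but gains no {DSA-921-1} cross-reference, unlike CVE-2005-2761 just below it, which carries {DSA-798-1}. The same applies to the CVE-2005-2553 and CVE-2005-2458 entries touched later in the patch. If those tags are not regenerated from data/DSA/list, add {DSA-921-1} to each entry whose sarge line is removed, otherwise the sarge fix can no longer be found from the CVE entry.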
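Review bot: In the data/CVE/list hunk at @@ -5227,9 +5224,8 @@, the kernel-source-2.6.8 2.6.8-16sarge1 line under CVE-2005-2458 is changed to carry the [sarge] prefix, but the equivalent lines left as context elsewhere in this patch ("- kernel-source-2.6.8 2.6.8-16sarge1 (medium)" under CVE-2005-2801 and "- kernel-source-2.6.8 2.6.8-16sarge2 (medium)" under CVE-2005-2872) stay untagged. A version with a sarge suffix recorded without [sarge] reads as the fixed version for unstable, so either tag those lines in the same commit or say in the log why only this entry is converted.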
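Review bot: In the data/DSA/list hunk at @@ -1,3 +1,7 @@, the line "NOTE: fixed in testing at time of DSA" is stated for all twelve CVE ids of DSA-921-1, yet the same commit adds "TODO: When was this fixed in sid for 2.4?" under CVE-2005-2801, which is in that set, so the testing status of at least that one is not established. Narrow the NOTE or resolve the TODO first. Only four of the twelve ids (CVE-2005-2458, CVE-2005-2553, CVE-2005-2801, CVE-2005-2872) are visibly adjusted in data/CVE/list here, plus one entry whose id lies above the hunk context at @@ -2771,7 +2771,6 @@; the remaining entries should be checked for leftover 2.4.27-10sarge1 lines so both files agree.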