thr3ads.net - Secure testing commits - [Secure-testing-commits] r3048

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Dec-15 09:39 UTC
[Secure-testing-commits] r3048 - in data: CVE DSA

Author: jmm-guest
Date: 2005-12-15 09:39:16 +0000 (Thu, 15 Dec 2005)
New Revision: 3048

Modified:
   data/CVE/list
   data/DSA/list
Log:
*uff*


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-15 09:14:21 UTC (rev 3047)
+++ data/CVE/list	2005-12-15 09:39:16 UTC (rev 3048)
@@ -2766,28 +2766,23 @@
 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6
before ...)
 	- linux-2.6 2.6.12-2
 	- kernel-source-2.4.27 <not-affected>
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c
in ...)
 	{DSA-921-1}
 	- linux-2.6 2.6.13-1 (low)
 	- kernel-source-2.4.27 2.4.27-11 (low)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
 CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13
and 2.4 ...)
 	- linux-2.6 2.6.13-1 (low)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
+	TODO: Check, whether the 2.4 fix was included in the DSA
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
 CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open
Source ...)
 	- linux-2.6 2.6.12-1
 	- kernel-source-2.4.27 <not-affected>
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the
...)
 	- linux-2.6 2.6.12-1
 	- kernel-source-2.4.27 <not-affected>
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in
...)
-	- linux-2.6 <not-affected> (Fixed before linux-2.6 was introduced)
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
 	- kernel-source-2.4.27 <not-affected>
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for
Symantec ...)
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-3269 (Unspecified &quot;security exposure&quot; in the HTTP
Admin interface for Sun ...)
@@ -3169,24 +3164,22 @@
 CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia
Breeze 5.0 stores passwords ...)
 	NOT-FOR-US: Macromedia Breeze
 CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in
Linux 2.6, ...)
-	- linux-2.6 2.6.12-1
-	- kernel-source-2.6.8 2.6.8-16sarge1
-	NOTE: 2.4.27 not applicable
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers
to ...)
-	- linux-2.6 2.6.12-1
-	- kernel-source-2.6.8 2.6.8-16sarge1
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
 	- kernel-source-2.4.27 <unfixed> (low)
 CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local
users to ...)
-	- linux-2.6 2.6.12-1
-	- kernel-source-2.6.8 2.6.8-16sarge1
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another
thread that ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
-	- kernel-source-2.6.8 2.6.8-16sarge1 (low)
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory
mapping ...)
-	- kernel-source-2.6.8 2.6.8-16sarge1
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64
Montecito ...)
-	- kernel-source-2.6.8 2.6.8-16sarge1
 	- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
+	- linux-2.6 2.6.12-1
 CVE-2005-XXXX [Minor local DoS as libldap]
 	- openldap <unfixed> (bug #253838; low)
 	TODO: Check, whether openldap2.2 is affected as well
@@ -4258,10 +4251,8 @@
 	- courier 0.47-8 (medium; bug #325631)
 CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel
2.6 ...)
 	{DSA-921-1}
-	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	TODO: When was this fixed in sid for 2.4?
-	NOTE: this was fixed upstream in 2.6.11 (See bug #328395)
-	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
2.6.12 and ...)
 	- kernel-source-2.4.27 <unfixed> (bug #332228; low)
 	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
@@ -4271,7 +4262,7 @@
 CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
before ...)
 	{DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+	- linux-2.6 2.6.12-1
 CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare
0.9.16.000 ...)
 	{DSA-798-1}
 	- phpgroupware 0.9.16.008-1 (unknown)
@@ -5154,9 +5145,9 @@
 	- kernel-source-2.6.8 2.6.8-16sarge2
 CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
 	{DTSA-16-1}
-	- kernel-source-2.6.8 <unfixed> (bug #322339; medium)
-	- linux-2.6 2.6.12-1 (bug #322339; medium)
-	NOTE: 2.4.27 not affected
+	- linux-2.6 <not-affected> (Fixed before upload into archive)
+	TODO: Check, when this was fixed upstream
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-XXXX [Buffer overflow in Description parsing]
 	- bidwatcher <removed> (bug #319489; high)
 CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and
stops adduser working]
@@ -5228,7 +5219,6 @@
 CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before
2.6.12.5 ...)
 	{DSA-921-1 DTSA-16-1}
 	- linux-2.6 2.6.12-3 (bug #323173; medium)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (medium)
 	- kernel-source-2.4.27 2.4.27-12 (medium)
 CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of
...)
 	NOT-FOR-US: Eudora
@@ -8377,24 +8367,20 @@
 	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
 CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
 	{DTSA-16-1}
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a
guard ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
-	[sarge] - kernel-source-2.6.8 2.6.8-17
 	- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
 CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
 	{DSA-921-1 DTSA-16-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
-	[sarge] - kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.4.27 2.4.27-11
 CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local
users ...)
 	{DTSA-16-1}
 	- linux-2.6 2.6.12-1 (medium)
-	[sarge] - kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.4.27 <unfixed> (low)
 CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
 	NOT-FOR-US: sysreport
@@ -11835,12 +11821,11 @@
 CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
 	{DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
-	[sarge] - kernel-source-2.6.8 2.6.8-17
 	- linux-2.6 <not-affected> (Fixed before upload in archive)
+	TODO: Check, when this was fixed upstream
 CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
 	{DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (medium)
-	[sarge] - kernel-source-2.6.8 2.6.8-17 (medium)
 	- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
 CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)
 	- helix-player 1.0.4-1

Modified: data/DSA/list
==================================================================---
data/DSA/list	2005-12-15 09:14:21 UTC (rev 3047)
+++ data/DSA/list	2005-12-15 09:39:16 UTC (rev 3048)
@@ -1,3 +1,7 @@
+[14 Dec 2005] DSA-922-1 kernel-source-2.6.8 - several
+	{CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265 CVE-2005-1761
CVE-2005-1762 CVE-2005-1763 CVE-2005-1765 CVE-2005-1767 CVE-2005-2456
CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872
CVE-2005-3105 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109
CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273 CVE-2005-3274
CVE-2005-3275 CVE-2005-3276}
+	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
+	NOTE: fixed in testing at time of DSA
 [14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several
 	{CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768
CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801
CVE-2005-2872 CVE-2005-3275}
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge1
Secure testing commits - Dec 2005 - r3048 - in data: CVE DSA

[Secure-testing-commits] r3048 - in data: CVE DSA
