Author: jmm-guest Date: 2005-12-19 11:57:28 +0000 (Mon, 19 Dec 2005) New Revision: 3095 Modified: data/CVE/list Log: kernel updates from dannf and horms Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-19 09:14:20 UTC (rev 3094) +++ data/CVE/list 2005-12-19 11:57:28 UTC (rev 3095) @@ -2384,8 +2384,8 @@ - linux-2.6 2.6.14-4 - kernel-source-2.4.27 <not-affected> CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...) - - linux-2.6 2.6.14-4 - - kernel-source-2.4.27 <not-affected> + - linux-2.6 2.6.14-4 (low) + - kernel-source-2.4.27 2.4.27-13 (low) CVE-2005-XXXX [Insecure temp file usage in migrationtools] - migrationtools <unfixed> (bug #338920; medium) CVE-2005-XXXX [user logout in drupal has no effect] @@ -2849,9 +2849,9 @@ CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...) NOT-FOR-US: SurgeMail CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...) - - linux-2.6 <not-affected> (fixed upstream in 2.6.6) - [sarge] - kernel-source-2.6.8 <not-affected> (fixed upstream in 2.6.6) - TODO: check 2.4.27 + - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6) + - kernel-source-2.4.27 <not-affected> + [sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6) CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) NOT-FOR-US: Sticker CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...) 
@@ -8636,9 +8636,9 @@ - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629) CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...) {DSA-922-1 DSA-921-1} - - linux-2.6 <not-affected> (Fixed before upload into archive) - TODO: Add which revision fixed this - - kernel-source-2.4.27 2.4.27-11 (unknown) + - linux-2.6 2.6.12-1 + - kernel-source-2.4.27 <not-affected> (amd64 specific and 2.4/amd64 not supported) + NOTE: This was fixed in 2.4.27-11, but amd64 is not supported for 2.4 (it''s amd64 speficic) CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) {DSA-826-1} - helix-player 1.0.5-1 (bug #316276; high) @@ -12894,8 +12894,9 @@ [sarge] - kernel-source-2.6.8 2.6.8-14 TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker TODO: check, when this was fixed in 2.6 -CVE-2005-0528 +CVE-2005-0528 [mremap kernel issue] RESERVED + TODO: Fixed for Woody, check 2.4 and 2.6 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) - mozilla-firefox 1.0.1 NOTE: didn''t other with YA mozilla-browser bug, it has enough for 1.7.6 already..
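Review bot: In the CVE-2005-3857 hunk, the kernel-source-2.4.27 line goes from <not-affected> to fixed in 2.4.27-13 (low), and nothing in the entry records why the earlier assessment was reversed. A NOTE line under the entry saying that 2.4.27 was found to be affected, and where that was established, would let a later reader verify the change rather than rely on the log message "kernel updates from dannf and horms".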
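Review bot: In the CVE-2004-2536 hunk, the new "- kernel-source-2.4.27 <not-affected>" line replaces "TODO: check 2.4.27" without giving a reason, while both 2.6 lines carry one ("Fixed before upload into archive; 2.6.6"). The description shown in the entry names "Linux kernel 2.6 through 2.6.5", so a short parenthetical on the 2.4.27 line stating why 2.4 is not affected would make the status checkable and consistent with its neighbours.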
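Review bot: In the CVE-2005-1767 hunk, the kernel-source-2.4.27 line is set to <not-affected> while the NOTE added directly below it says "This was fixed in 2.4.27-11", so the two lines disagree about whether the source package ever carried the flaw; the removed line tracked it as fixed in 2.4.27-11. If the intent is that the source was affected but no supported 2.4 architecture is, consider keeping 2.4.27-11 as the fixed version on the package line and leaving the amd64 reasoning to the NOTE. The NOTE also misspells "specific" as "speficic" and repeats the parenthetical from the line above it, and the new "linux-2.6 2.6.12-1" line has no urgency although the CVE-2005-3857 hunk in this same commit adds one to its kernel lines.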
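Review bot: In the CVE-2005-0528 hunk, the added TODO "Fixed for Woody, check 2.4 and 2.6" does not say which Woody package or version carries the fix, and the entry still has no package lines. Naming the package and fixed version, or the advisory, in the TODO or a NOTE would give whoever checks 2.4 and 2.6 a concrete fix to compare against.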