Author: jmm-guest
Date: 2006-01-03 16:31:56 +0000 (Tue, 03 Jan 2006)
New Revision: 3215
Modified:
data/CVE/list
Log:
procfs mem disclosure fixed in linux-2.6
fib hash issue turned out to be a non-issue, it''s
not triggerable by non-priv users
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-03 15:58:32 UTC (rev 3214)
+++ data/CVE/list 2006-01-03 16:31:56 UTC (rev 3215)
@@ -1,5 +1,5 @@
CVE-2005-4605 [kernel procfs information leak]
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.15-1
- kernel-source-2.4.27 <not-affected> (2.4''s proc_file_lseek
contains a sanity check)
NOTE: Sarge 2.6.8 status yet unclear
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
@@ -988,8 +988,6 @@
NOT-FOR-US: DUportal
CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources
Forum ...)
NOT-FOR-US: ASP-DEV ASP Resources Forum
-CVE-2005-XXXX [Another fib_lookup DoS]
- - linux-2.6 <unfixed>
CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows
authenticated ...)
{DSA-923-1}
- dropbear 0.47-1 (high)