Author: jmm-guest Date: 2006-08-14 19:20:58 +0000 (Mon, 14 Aug 2006) New Revision: 4565 Modified: data/CVE/list Log: - multiple kernel fixes from the kernel-sec repo - gforge fixed - elmo fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-14 17:11:54 UTC (rev 4564) +++ data/CVE/list 2006-08-14 19:20:58 UTC (rev 4565) @@ -1016,7 +1016,7 @@ CVE-2006-3635 RESERVED CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...) - - linux-2.6 <unfixed> (medium) + - linux-2.6 2.6.17-1 (medium) - linux-2.6.16 <not-affected> (introduced in 2.6.17-rc4) CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...) NOT-FOR-US: shiela @@ -6435,9 +6435,8 @@ {DSA-1097-1} - linux-2.6 2.6.16-15 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...) - - linux-2.6 <unfixed> - - linux-2.6.16 <unfixed> - NOTE: Possibly not-affected, needs further checking + - linux-2.6 <not-affected> (Only affects 2.4 kernels) + - linux-2.6.16 <not-affected> (Only affects 2.4 kernels) CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...) NOT-FOR-US: Veritas Backup CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...) @@ -8237,8 +8236,8 @@ NOT-FOR-US: McAfee WebShield CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) {DSA-1103} - - linux-2.6 <unfixed> (bug #365375; low) - - linux-2.6.16 <unfixed> (bug #365375; low) + - linux-2.6 2.6.16-1 (bug #365375; low) + - linux-2.6.16 2.6.16-1 (bug #365375; low) CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) {DSA-1103} - linux-2.6 2.6.15-8 
@@ -14968,7 +14967,7 @@ [sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues) [sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues) - kernel-source-2.6.8 <unfixed> (bug #332231; low) - - linux-2.6 <unfixed> (bug #332381; low) + - linux-2.6 2.6.18-1 (bug #332381; low) - linux-2.6.16 <unfixed> (bug #332381; low) NOTE: Dave Miller didn''t like the proposed fix and considers a complete rewrite NOTE: of ipt_recent the best solution, which seems to occur soon @@ -16143,11 +16142,9 @@ CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) - gforge (bug #328224; unimportant) NOTE: Direct flooding is possible as well in most circumstances. - NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) {DSA-1094-1} - - gforge (bug #328224; medium) - NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian + - gforge 4.5.14-9 (bug #328224; medium) CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) - mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms) CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...) @@ -17165,8 +17162,7 @@ {DSA-761-2} - heartbeat 1.2.3-12 (bug #318287; medium) CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...) - - elmo <unfixed> (bug #318291; medium) - NOTE: upload to unstable still hasn''t occurred (2005-09-18) + - elmo 1.3.0-1.1 (bug #318291; low) CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...) NOT-FOR-US: Blog Torrent CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
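Review bot: in the CVE-2006-3634 hunk (@@ -1016,7 +1016,7 @@), the linux-2.6 line is now marked fixed in 2.6.17-1 while the unchanged line below it says the issue was introduced in 2.6.17-rc4, so the entry gives no way to tell whether the first 2.6.17 upload already carried the fix or the version was simply taken as the first candidate. A one-line NOTE naming the change that fixed it would make the 2.6.17-1 value checkable later.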
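Review bot: in the CVE-2006-1342 hunk (@@ -6435,9 +6435,8 @@), both added lines say "Only affects 2.4 kernels", yet the entry has no line for any 2.4 kernel package, so the branch the description names is not tracked here at all. Consider adding a line for the 2.4 kernel source package (kernel-source-2.4.27 is the name used elsewhere in this file) with its status. The removed NOTE said the entry "needs further checking"; a short NOTE recording what was checked would be better than dropping it silently, since the commit log mentions only "kernel fixes".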
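Review bot: in the ipt_recent hunk (@@ -14968,7 +14967,7 @@), the two NOTE lines kept as context still describe a rewrite that "seems to occur soon", which no longer matches a linux-2.6 line marked fixed in 2.6.18-1. Update the NOTE to say what fixed it in that version. The linux-2.6.16 line directly below stays <unfixed>; if that is intentional, say so in the same NOTE so the pair does not look like an oversight.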
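Review bot: in the gforge hunk (@@ -16143,11 +16142,9 @@), the maintainer NOTE is removed from both CVE-2005-2431 and CVE-2005-2430, but only the CVE-2005-2430 line gains a fixed version (4.5.14-9). The CVE-2005-2431 line is left as "- gforge (bug #328224; unimportant)" with no version and now no explanation. If 4.5.14-9 addresses it as well, record the version there; if not, keep a NOTE stating why the line stays unversioned.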
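Review bot: in the elmo hunk (@@ -17165,8 +17162,7 @@), the added line changes the severity from medium to low in the same edit that records the fix, and the log message ("elmo fixed") does not mention the downgrade. Either keep the severity as it was or add a NOTE with the reason. Separately, the fixed version 1.3.0-1.1 is lower than the "1.3.2-r1 and earlier" range in the CVE description, so a NOTE saying the fix was applied to the packaged 1.3.0 would keep readers from treating the version as a typo.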