jmm-guest at alioth.debian.org
2007-Nov-19 18:38 UTC
[Secure-testing-commits] r7358 - data/CVE
Author: jmm-guest Date: 2007-11-19 18:38:57 +0000 (Mon, 19 Nov 2007) New Revision: 7358 Modified: data/CVE/list Log: one kernel not-affected for etch one kernel issue needs further investigation Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-19 17:12:07 UTC (rev 7357) +++ data/CVE/list 2007-11-19 18:38:57 UTC (rev 7358) @@ -120,6 +120,7 @@ RESERVED CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...) - linux-2.6 2.6.20-1 + [etch] - linux-2.6 <not-affected> (Ubuntu-specific regression) CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) - pcre3 6.2-1 NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2 @@ -251,7 +252,7 @@ CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...) NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others CVE-2007-5908 (Buffer overflow in the (1) sysfs_show_available_clocksources and (2) ...) - - linux-2.6 <unfixed> (unimportant) + - linux-2.6 <unfixed> NOTE: there is a list of possible clocksource names which consits of short enough names NOTE: this is a bug in the kernel but not a security issue, there is no way for a user to NOTE: exploit this, they can only chose an item from the list