jmm-guest at alioth.debian.org
2008-Jun-25 21:07 UTC
[Secure-testing-commits] r9150 - data/CVE
Author: jmm-guest
Date: 2008-06-25 21:07:18 +0000 (Wed, 25 Jun 2008)
New Revision: 9150
Modified:
data/CVE/list
Log:
- track etch''n''half kernel as linux-2.6.24
- mark all issues fixed after initial 2.6.24 release as
unfixed, they can be fixed one by one after verification
for the 2.6.24 status.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-06-25 20:59:08 UTC (rev 9149)
+++ data/CVE/list 2008-06-25 21:07:18 UTC (rev 9150)
@@ -1022,6 +1022,7 @@
CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the
Linux ...)
{DSA-1592-1}
- linux-2.6 2.6.25-4
+ TODO: 2.6.24 status
NOTE: this version casts sizeof to int. This is a module, not a compiled in
feature in Debian
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in
split.c in ...)
{DSA-1587-1}
@@ -1467,6 +1468,7 @@
CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22
and ...)
- linux-2.6 2.6.25-3 (bug #481195)
[etch] - linux-2.6 <not-affected> (vulnerable code not present)
+ [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3
NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and
earlier ...)
NOT-FOR-US: Novell Client 4.91 SP4
@@ -1485,10 +1487,12 @@
CVE-2008-2137 (The (1) sparc_mmap_check function in
arch/sparc/kernel/sys_sparc.c and ...)
{DSA-1588-1}
- linux-2.6 <unfixed>
+ [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3
NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d
CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux ...)
{DSA-1588-1}
- linux-2.6 <unfixed>
+ [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3
NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers
ezContents ...)
NOT-FOR-US: VisualShapers ezContents
@@ -2473,6 +2477,7 @@
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in
Linux ...)
{DSA-1588-1}
- linux-2.6 <unfixed> (medium)
+ - linux-2.6.24 <unfixed>
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to
execute ...)
{DSA-1551-1}
- python2.4 2.4.5-2
@@ -2570,12 +2575,14 @@
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in
Linux ...)
- linux-2.6 2.6.25-2 (low)
[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
+ - linux-2.6.24 <unfixed>
NOTE: the cve id description states that 2.6.25 is fixed, this is wrong,
it''s fixed in 2.6.25.1
CVE-2008-1674
RESERVED
CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before
2.4.36.6 ...)
{DSA-1592-1}
- linux-2.6 2.6.25-5 (bug #485944)
+ - linux-2.6.24 <unfixed>
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a
denial of ...)
{DTSA-136-1}
- openssl 0.9.8g-10.1 (bug #483379)
@@ -2589,6 +2596,7 @@
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection
...)
{DSA-1575-1}
- linux-2.6 2.6.25-2 (low)
+ - linux-2.6.24 <unfixed>
NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9
CVE-2008-1668
RESERVED
@@ -2704,6 +2712,7 @@
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running
on ...)
{DSA-1588-1}
- linux-2.6 2.6.25-1 (medium; bug #480390)
+ - linux-2.6.24 <unfixed>
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1)
a ...)
{DSA-1550-1 DTSA-124-1}
- suphp 0.6.2-2.1 (low; bug #475431)
@@ -3270,6 +3279,7 @@
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify)
in ...)
{DSA-1565-1}
- linux-2.6 2.6.25-2 (low)
+ - linux-2.6.24 <unfixed>
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise
Linux ...)
- cupsys <not-affected> (Redhat-specific incomplete patch, upstream
patch is complete)
- cups <not-affected> (Redhat-specific incomplete patch, upstream patch
is complete)
@@ -5075,6 +5085,7 @@
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through
2.6.24.1 ...)
{DSA-1494-1 DTSA-113-1}
- linux-2.6 2.6.24-4 (high)
+ - linux-2.6.24 <unfixed>
CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP
before ...)
{DTSA-135-1}
- php5 5.2.6-1
@@ -5567,6 +5578,7 @@
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel
2.4.21 ...)
{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
- linux-2.6 <unfixed>
+ - linux-2.6.24 <unfixed>
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in
IMG_lbm.c ...)
@@ -7446,6 +7458,7 @@
- bind9 <not-affected> (On Debian this file is rw for user bind and just
readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows
remote ...)
- linux-2.6 2.6.25-1
+ - linux-2.6.24 <unfixed>
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service
(ofmnt.exe) in ...)
NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before
...)
@@ -7620,15 +7633,18 @@
NOT-FOR-US: KML share
CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux
...)
- linux-2.6 2.6.24-4
+ - linux-2.6.24 <unfixed>
[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel
...)
- linux-2.6 2.6.24-4
+ - linux-2.6.24 <unfixed>
[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain
0.9.9 ...)
{DSA-1476-1}
- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that
...)
{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
+ - linux-2.6.24 <unfixed>
- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the
libfont ...)
{DSA-1466-2 DTSA-110-1}
@@ -7650,11 +7666,13 @@
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before
...)
{DSA-1479-1}
- linux-2.6 2.6.24-1
+ - linux-2.6.24 <unfixed>
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems,
does not ...)
- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and
2.6.x ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
- linux-2.6 2.6.24-1
+ - linux-2.6.24 <unfixed>
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS
sidebar ...)
{DSA-1528-1}
- serendipity 1.2.1-1 (low)
@@ -8460,6 +8478,7 @@
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and
...)
{DSA-1428-1}
- linux-2.6 <unfixed>
+ - linux-2.6.24 <unfixed>
CVE-2007-5903
RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in
...)