joeyh at alioth.debian.org
2008-Jun-25 21:14 UTC
[Secure-testing-commits] r9151 - data/CVE
Author: joeyh Date: 2008-06-25 21:14:11 +0000 (Wed, 25 Jun 2008) New Revision: 9151 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-25 21:07:18 UTC (rev 9150) +++ data/CVE/list 2008-06-25 21:14:11 UTC (rev 9151) @@ -1,6 +1,6 @@ CVE-2008-XXXX [sudo does not flush stdin on timeout] - sudo 1.6.9p12-1 - [etch] - sudo <not-affected> (Issue was introduced in 1.6.9) + [etch] - sudo <not-affected> (Issue was introduced in 1.6.9) CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...) - xchat <not-affected> (Windows specific problem) CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...) @@ -1022,7 +1022,7 @@ CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...) {DSA-1592-1} - linux-2.6 2.6.25-4 - TODO: 2.6.24 status + TODO: 2.6.24 status NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...) {DSA-1587-1} @@ -1468,7 +1468,7 @@ CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and ...) - linux-2.6 2.6.25-3 (bug #481195) [etch] - linux-2.6 <not-affected> (vulnerable code not present) - [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3 + [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3 NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24 CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier ...) NOT-FOR-US: Novell Client 4.91 SP4 
@@ -1487,12 +1487,12 @@ CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...) {DSA-1588-1} - linux-2.6 <unfixed> - [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3 + [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3 NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...) {DSA-1588-1} - linux-2.6 <unfixed> - [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3 + [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3 NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02 CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...) NOT-FOR-US: VisualShapers ezContents @@ -2477,7 +2477,7 @@ CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...) {DSA-1588-1} - linux-2.6 <unfixed> (medium) - - linux-2.6.24 <unfixed> + - linux-2.6.24 <unfixed> CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...) {DSA-1551-1} - python2.4 2.4.5-2
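Review bot: The log message "automatic update" does not say what changed, and in the first hunk (@@ -1,6 +1,6 @@) the removed and added `[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)` lines read identically as shown here. The same holds for every other hunk in this revision, so the change appears to be whitespace-only. If the automatic run is normalizing indentation on hand-maintained entries, the log should say so, so that readers of the commit list can tell it apart from a real status change.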
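Review bot: In the @@ -1022,7 +1022,7 @@ hunk, the line being rewritten for CVE-2008-2358 is still `TODO: 2.6.24 status`, so the entry records a fixed version for linux-2.6 (2.6.25-4) but nothing for linux-2.6.24. Rather than only re-indenting the TODO, resolve it with an explicit linux-2.6.24 line in the same form the CVE-2008-2148 entry uses (`[etch] - linux-2.6.24 ...`), or with a not-affected marker and the reason.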
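Review bot: In the @@ -1487,12 +1487,12 @@ hunk, CVE-2008-2137 and CVE-2008-2136 both keep `- linux-2.6 <unfixed>` even though each carries a `NOTE: Upstream commit:` line and a fixed version for `[etch] - linux-2.6.24`. While these entries are being touched, check whether a linux-2.6 upload already includes those commits and, if so, record its version in place of `<unfixed>`.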
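Review bot: In the @@ -2477,7 +2477,7 @@ hunk, the CVE-2007-6712 line `- linux-2.6.24 <unfixed>` has no `[etch]` release tag and no urgency, while the other linux-2.6.24 lines in this diff are written as `[etch] - linux-2.6.24 ...` and the linux-2.6 line directly above it carries `(medium)`. Confirm whether this line should be release-tagged like the others and bring its format in line with them.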