jmm-guest at alioth.debian.org
2008-Aug-24 21:10 UTC
[Secure-testing-commits] r9638 - in data: . CVE
Author: jmm-guest Date: 2008-08-24 21:10:13 +0000 (Sun, 24 Aug 2008) New Revision: 9638 Modified: data/CVE/list data/spu-candidates.txt Log: new kernel issue add entries for 2.6.24 no-dsas Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-08-24 14:57:04 UTC (rev 9637) +++ data/CVE/list 2008-08-24 21:10:13 UTC (rev 9638) @@ -111,7 +111,9 @@ CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...) - xen-3 <not-affected> (Not compiled with XSM:FLASK) CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and ...) - TODO: check + - linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26) + - linux-2.6 <unfixed> + [etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26) CVE-2008-3685 RESERVED CVE-2008-3684 @@ -229,6 +231,7 @@ NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660 CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...) - ipsec-tools 1:0.7.1-1 (low) + [etch] - ipsec-tools <no-dsa> (Minor issue) CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...) - horde3 3.2.1+debian0-1 (low; bug #495332) - turba2 2.2.1-1 @@ -466,8 +469,14 @@ RESERVED CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...) - linux-2.6 2.6.26-2 + - linux-2.6.24 <unfixed> + NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c + NOTE: Fixed in 2.6.25.14 and 2.6.26.1 CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...) + - linux-2.6.24 <unfixed> - linux-2.6 2.6.26-2 + NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1 + NOTE: Fixed in 2.6.25.14 and 2.6.26.1 CVE-2008-3533 (Format string vulnerability in the window_error function in ...) {DTSA-154-1} - yelp 2.22.1-4 (low) @@ -2413,6 +2422,7 @@ NOTE: I set this to medium CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...) - exiv2 0.17-1 (low; bug #486328) + [etch] - exiv2 <no-dsa> (Minor issue) NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...) {DSA-1616-2 DTSA-138-1} Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-08-24 14:57:04 UTC (rev 9637) +++ data/spu-candidates.txt 2008-08-24 21:10:13 UTC (rev 9638) @@ -79,6 +79,11 @@ -- +ipsec-tools (CVE-2008-3651) ++http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-dev+el + +-- + libapache2-mod-perl2 (CVE-2007-1349) http://svn.apache.org/viewvc?view=rev&revision=521584 #433549