joeyh at alioth.debian.org
2008-Dec-17 21:14 UTC
[Secure-testing-commits] r10722 - data/CVE
Author: joeyh Date: 2008-12-17 21:14:11 +0000 (Wed, 17 Dec 2008) New Revision: 10722 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-17 18:49:58 UTC (rev 10721) +++ data/CVE/list 2008-12-17 21:14:11 UTC (rev 10722) @@ -694,7 +694,7 @@ CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...) - dovecot 1:1.0.15-2.3 (bug #506031) CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-12 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...) @@ -959,7 +959,7 @@ - cups 1.3.8-1 [etch] - cupsys <not-affected> (cupsys doesn''t crash, code base changed, guest username not submitted) CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 <unfixed> - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...) @@ -1104,6 +1104,7 @@ - cups <unfixed> (bug #506180) [etch] - cupsys <not-affected> (RSS subscription code not yet present) CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote DNS ...) + {DSA-1686-1} - no-ip 2.1.7-11 (bug #506179) CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...) NOT-FOR-US: MemHT Portal @@ -1215,6 +1216,7 @@ {DSA-1679-1} - awstats 6.7.dfsg-5.1 (bug #495432; low) CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...) + {DSA-1687-1} - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2 
@@ -1412,11 +1414,11 @@ CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...) NOT-FOR-US: Sun Solstice X.25 CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-XXXX [Trac Multiple Vulnerabilities] @@ -1480,11 +1482,11 @@ - aegis 4.24-3.1 (low; bug #496400) [etch] - aegis <no-dsa> (Minor issue) CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 ...) @@ -2364,7 +2366,7 @@ - dovecot 1:1.0.15-2.2 (low; bug #502967) [etch] - dovecot <no-dsa> (Minor issue) CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-9 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...) @@ -2411,7 +2413,7 @@ TODO: [etch] - graphviz 2.8-3+etch1 NOTE: Scheduled for r6 CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-9 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...) 
@@ -4997,7 +4999,7 @@ {DSA-1654-1} - libxml2 2.6.32.dfsg-4 (bug #498768) CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...) - {DSA-1681-1} + {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-11 (unimportant) - linux-2.6.24 2.6.24-6~etchnhalf.7 (unimportant) NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3) @@ -5015,6 +5017,7 @@ NOTE: include a setuid shell or world-writable hard disk device file or some NOTE: such). Me, I think they''re just being silly. CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...) + {DSA-1687-1} - linux-2.6 2.6.21-1 CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...) {DSA-1636-1}
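Review bot: in the hunks at -959 and -1215, CVE-2008-5182 and CVE-2008-5079 gain {DSA-1687-1} while their package lines still read `- linux-2.6 <unfixed>`, and CVE-2008-5079 also keeps `- linux-2.6.24 <unfixed>`. Someone scanning the list can read the advisory tag as meaning the entry is closed. Suggest confirming that `<unfixed>` is still accurate for those packages now that an advisory is attached, and recording either the fixed version or a NOTE line saying which package the advisory covers. The other kernel entries touched here (for example CVE-2008-5025 and CVE-2008-4576) already carry explicit fixed versions, so these two stand out.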
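Review bot: the log message "automatic update" does not name the advisories being cross-referenced, although every changed line in data/CVE/list adds either {DSA-1687-1} or {DSA-1686-1}. Suggest having the update job put the DSA ids in the log line, so that a revision can be found by advisory without reading the diff. In the hunk at -5015, CVE-2008-3527 gets {DSA-1687-1} with only `- linux-2.6 2.6.21-1` and no linux-2.6.24 line, unlike the other kernel entries here; a short NOTE saying that this is intentional would save the next reader from checking.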