jmm-guest at alioth.debian.org
2009-Apr-04 09:57 UTC
[Secure-testing-commits] r11562 - data/CVE
Author: jmm-guest
Date: 2009-04-04 09:57:16 +0000 (Sat, 04 Apr 2009)
New Revision: 11562
Modified:
data/CVE/list
Log:
kernel fixes
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-04-03 23:01:04 UTC (rev 11561)
+++ data/CVE/list 2009-04-04 09:57:16 UTC (rev 11562)
@@ -1620,25 +1620,25 @@
NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux
kernel ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel
2.6.27 ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.28-2 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux
kernel ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.28-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux
kernel ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
@@ -1906,7 +1906,7 @@
NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux
kernel ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <unfixed> (low)
NOTE: Original fix was incomplete/risky, see:
NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
@@ -1914,7 +1914,7 @@
NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the
Linux ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <unfixed> (low)
NOTE: Didn''t check 2.6.24 so far, only temporary for now
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when
...)
@@ -3364,7 +3364,7 @@
NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before
2.6.27.13, and ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows
remote ...)
NOT-FOR-US: Apple Safari on Windows
@@ -3542,7 +3542,7 @@
NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux
kernel ...)
{DSA-1749-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
- linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does
not ...)
@@ -4238,7 +4238,7 @@
TODO: will be presented at Black Hat
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control
...)
{DSA-1749-1}
- - linux-2.6 2.6.26-14
+ - linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
CVE-2009-0064
RESERVED
@@ -4915,7 +4915,7 @@
NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
{DSA-1749-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same
SQMSESSID ...)
- squirrelmail <not-affected> (RedHat-specific regression)