Author: joeyh
Date: 2009-05-02 21:14:15 +0000 (Sat, 02 May 2009)
New Revision: 11769
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-02 18:35:00 UTC (rev 11768)
+++ data/CVE/list 2009-05-02 21:14:15 UTC (rev 11769)
@@ -155,6 +155,7 @@
CVE-2009-1441
RESERVED
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel
...)
+ {DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
@@ -438,9 +439,11 @@
- twiki <unfixed> (bug #526258)
NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux
...)
+ {DSA-1787-1}
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel
before ...)
+ {DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not
properly ...)
@@ -732,6 +735,7 @@
CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has
unknown ...)
NOTE: Dupe of CVE-2009-1210
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the
Linux ...)
+ {DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <unfixed>
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20
and ...)
@@ -842,6 +846,7 @@
- linux-2.6 <not-affected> (Issue was introduced after 2.6.27 release)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27
release)
CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
+ {DSA-1787-1}
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Doesn''t include KVM yet)
- linux-2.6.24 <unfixed>
@@ -1136,6 +1141,7 @@
CVE-2009-1193
RESERVED
CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux
kernel ...)
+ {DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP
Server ...)
@@ -1668,6 +1674,7 @@
CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail
module ...)
NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before
...)
+ {DSA-1787-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)
@@ -2183,6 +2190,7 @@
CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user
interface in ...)
NOT-FOR-US: NetMRI
CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in
the ...)
+ {DSA-1787-1}
- linux-2.6 2.6.29-1 (unimportant)
NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
NOTE: for locally modified configs and even for that I fail to
@@ -2316,6 +2324,7 @@
- linux-2.6.24 <unfixed> (unimportant)
NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7
and ...)
+ {DSA-1787-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <unfixed> (low)
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin
0.31 ...)
@@ -2700,7 +2709,7 @@
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux
kernel ...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
@@ -2965,7 +2974,7 @@
CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux
kernel ...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <unfixed> (low)
NOTE: Original fix was incomplete/risky, see:
@@ -2973,7 +2982,7 @@
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the
Linux ...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when
...)
@@ -4443,7 +4452,7 @@
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow
remote ...)
NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before
2.6.27.13, and ...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows
remote ...)
@@ -4628,7 +4637,7 @@
CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell
GroupWise ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux
kernel ...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
- linux-2.6.24 <removed>
@@ -5342,7 +5351,7 @@
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software
for ...)
TODO: will be presented at Black Hat
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control
...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in
Symantec ...)
@@ -5757,12 +5766,15 @@
[etch] - gpsdrive <no-dsa> (Minor issue)
[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
+ {DSA-1787-1}
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux
...)
+ {DSA-1787-1}
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum
...)
+ {DSA-1787-1}
- linux-2.6 2.6.26-13
[etch] - linux-2.6 <not-affected> (Vulnerable code not present, was
introduced later)
- linux-2.6.24 <removed>
@@ -6021,16 +6033,17 @@
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server
(CS) ...)
NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same
SQMSESSID ...)
- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc,
...)
- {DSA-1749-1}
+ {DSA-1787-1 DSA-1749-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed>
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier
allows ...)
+ {DSA-1787-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application
...)
@@ -6570,6 +6583,7 @@
{DSA-1699-1}
- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in
the ...)
+ {DSA-1787-1}
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes
...)
@@ -7465,7 +7479,7 @@
{DSA-1679-1}
- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8
and ...)
- {DSA-1687-1}
+ {DSA-1787-1 DSA-1687-1}
- linux-2.6 2.6.26-12
- linux-2.6.24 <removed>
NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
@@ -9270,6 +9284,7 @@
CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and
5.5.10 ...)
- tomcat5.5 5.5.23-1 (low)
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the
Linux ...)
+ {DSA-1787-1}
- linux-2.6 2.6.26-1
- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and
attack ...)