Author: gilbert-guest Date: 2009-06-10 23:00:51 +0000 (Wed, 10 Jun 2009) New Revision: 12100 Modified: data/CVE/list Log: kernel issue triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-10 22:27:51 UTC (rev 12099) +++ data/CVE/list 2009-06-10 23:00:51 UTC (rev 12100) @@ -219,7 +219,7 @@ CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...) NOT-FOR-US: ICQ CVE-2009-1914 (The pci_register_iommu_region function in ...) - - linux-2.6 <unfixed> + - linux-2.6 <unfixed> (low; bug #532722) - linux-2.6.24 <removed> CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...) NOT-FOR-US: LuxBum @@ -1562,8 +1562,11 @@ RESERVED CVE-2009-1390 RESERVED -CVE-2009-1389 +CVE-2009-1389 [linux-2.6: packet overflow] RESERVED + - linux-2.6 <unfixed> (high; bug #532376) + - linux-2.6.24 <removed> + NOTE: potential for kernel memory corruption by remote attacker CVE-2009-1388 RESERVED CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...) @@ -1573,7 +1576,7 @@ - openssl 0.9.8k-1 (low; bug #532037) - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...) - - linux-2.6 <unfixed> + - linux-2.6 <unfixed> (low; bug #532721) - linux-2.6.24 <removed> CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...) NOT-FOR-US: Different code base than Debian''s libpam-krb5 
@@ -2511,7 +2514,9 @@ CVE-2009-1190 (Algorithmic complexity vulnerability in the ...) NOT-FOR-US: Spring Framework CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...) - - dbus 1.2.14-1 + - dbus 1.2.14-1 (high; bug #532720) + NOTE: remote signature spoofing possible, and this was supposed to be + NOTE: originally fixed with the updates for CVE-2008-3834 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before ...) - poppler 0.10.6-1 (medium; bug #524806) [lenny] - poppler 0.8.7-2
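Review bot: In the hunk at @@ -1562,8 +1562,11 @@, the new description for CVE-2009-1389, "[linux-2.6: packet overflow]", does not say which driver or subsystem is affected, although the entry is rated high and the NOTE describes kernel memory corruption by a remote attacker. While the id is still RESERVED, this bracket text is the only description a reader of the list has. Naming the affected component there, or in a second NOTE line, would let people judge their exposure without opening bug #532376.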
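Review bot: In the hunk at @@ -1573,7 +1576,7 @@, CVE-2009-1385 is set to low with no NOTE giving the reason, while the same commit rates CVE-2009-1389 high and explains why. The function name e1000_clean_rx_irq points at a receive interrupt path, so a one-line NOTE stating what limits the impact of the integer underflow would make the low rating reviewable. The same applies to the low rating added for CVE-2009-1914 in the hunk at @@ -219,7 +219,7 @@.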
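Review bot: In the hunk at @@ -2511,7 +2514,9 @@, the CVE-2009-1189 entry records only the fixed version 1.2.14-1 and has no release-specific line, unlike the poppler entry just below it with its [lenny] line. Since the NOTE says this was supposed to be fixed by the updates for CVE-2008-3834, the releases that received those updates should get an explicit status line here. The log message says "kernel issue triage", but this hunk changes a dbus entry, so either mention dbus in the log or commit it separately.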