Author: gilbert-guest Date: 2009-06-29 17:42:52 +0000 (Mon, 29 Jun 2009) New Revision: 12225 Modified: data/CVE/list Log: lenny's point release kernel is now in squeeze Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-29 17:20:46 UTC (rev 12224) +++ data/CVE/list 2009-06-29 17:42:52 UTC (rev 12225) @@ -1148,6 +1148,7 @@ CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...) {DSA-1809-1} - linux-2.6 <unfixed> + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...) - transmission 1.61-1 (low) @@ -1449,6 +1450,7 @@ CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...) {DSA-1809-1} - linux-2.6 <unfixed> + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...) {DSA-1804-1} @@ -1461,6 +1463,7 @@ CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...) {DSA-1809-1} - linux-2.6 <unfixed> + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...) - ajaxterm <unfixed> (medium; bug #528938) @@ -2030,6 +2033,7 @@ CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.29-2 (bug #523365) + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...) - libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076) 
@@ -2358,10 +2362,12 @@ CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...) {DSA-1800-1 DSA-1787-1} - linux-2.6 <unfixed> + [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.29-5 + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...) {DSA-1794-1} @@ -2676,6 +2682,7 @@ CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.29-4 + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension @@ -2798,6 +2805,7 @@ CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...) {DSA-1800-1 DSA-1787-1} - linux-2.6 <unfixed> + [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Doesn''t include KVM yet) - linux-2.6.24 <removed> CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...) @@ -3100,6 +3108,7 @@ CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 <unfixed> + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...) - apache2 2.2.11-4 (low) 
@@ -3126,6 +3135,7 @@ CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...) {DSA-1809-1 DSA-1800-1} - linux-2.6 2.6.29-5 + [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release) - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release) CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...) @@ -3592,6 +3602,7 @@ CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...) {DSA-1800-1} - linux-2.6 2.6.29-1 + [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release) - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release) CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...) @@ -3660,6 +3671,7 @@ CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...) {DSA-1800-1 DSA-1787-1} - linux-2.6 2.6.29-1 + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> [etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1) CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...) @@ -4317,12 +4329,14 @@ CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) {DSA-1800-1} - linux-2.6 <unfixed> (low) + [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18) - linux-2.6.24 <unfixed> (unimportant) NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 <unfixed> (low) + [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <unfixed> (low) CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...) NOT-FOR-US: Winamp
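Review bot: In the first hunk (@@ -1148,6 +1148,7 @@, CVE-2009-1758) the added `[squeeze] - linux-2.6 2.6.26-17` line records a fixed version while `- linux-2.6 <unfixed>` directly above it is left unchanged, and the log message only says that the kernel has reached squeeze, not how the fix was confirmed to be in 2.6.26-17. The entry is tagged {DSA-1809-1}; if the version is taken from that advisory, say so in the log message or in a NOTE line under the entry so the two states can be reconciled later. The same applies to the other entries in this patch whose `- linux-2.6` line stays `<unfixed>` (CVE-2009-1633, CVE-2009-1630, CVE-2009-1338, CVE-2009-1242, CVE-2009-1192, CVE-2009-0835, CVE-2009-0834).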
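Review bot: In the hunk at @@ -3660,6 +3671,7 @@ (CVE-2009-1046) the new `[squeeze] - linux-2.6 2.6.26-17` line ends up separated from `[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)` by the `- linux-2.6.24 <removed>` line, so the release-specific lines for linux-2.6 are split around another source package. The other hunks that touch an entry with an `[etch]` line (CVE-2009-1338, CVE-2009-1242, CVE-2009-1184, CVE-2009-1072, CVE-2009-0835) keep `[squeeze]` and `[etch]` adjacent, directly under `- linux-2.6`. Moving the existing `[etch]` line up next to the new `[squeeze]` line would make this entry match them.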
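Review bot: In the last hunk (@@ -4317,12 +4329,14 @@, CVE-2009-0835 and CVE-2009-0834) the added `[squeeze] - linux-2.6 2.6.26-17` lines carry no urgency, while the `- linux-2.6 <unfixed> (low)` lines directly above them do. If the urgency is meant to carry over to the release-specific line, nothing needs to change; otherwise append `(low)` to the two new lines so they agree with the entries they refine.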