Author: gilbert-guest Date: 2009-07-06 16:16:42 +0000 (Mon, 06 Jul 2009) New Revision: 12294 Modified: data/CVE/list Log: some more updates from kernel-sec tracker and DSA-1816 tagged Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-06 13:42:35 UTC (rev 12293) +++ data/CVE/list 2009-07-06 16:16:42 UTC (rev 12294) @@ -4,6 +4,7 @@ NOTE: vulnerable code not present, introduced in 2.3.x NOTE: to be fixed in upstream version 2.3.3 CVE-2009-XXXX [php: segfaults on corrupted jpeg files] + {DSA-1816-1} - php5 <unfixed> (low; bug #535888) - php4 <unfixed> (low; bug #535897) TODO: check 5.3.0-1, fix may already be applied @@ -79,7 +80,7 @@ CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade ...) NOT-FOR-US: Arcade Trade Script CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...) - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.30-2 (low) - linux-2.6.24 <removed> NOTE: upstream 2.6.30 does not contain the patch for this issue TODO: check 2.6.31 when it is released @@ -875,7 +876,7 @@ NOTE: These issues can be fixed in more recent upstream versions, but the risk NOTE: of regression doesn''t outweigh the issue at hand CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...) - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.30-1 (low) [etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19) - linux-2.6.24 <removed> CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
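Review bot: The {DSA-1816-1} tag added in the first hunk (@@ -4,6 +4,7 @@) lands on an entry that is still a CVE-2009-XXXX placeholder, and the php5 and php4 lines under it stay <unfixed> next to "TODO: check 5.3.0-1, fix may already be applied". Nothing in the entry says which of the two packages the advisory covers, so the tag and the status lines cannot be reconciled from this file alone. Suggest adding a NOTE naming the package the DSA update applies to, and resolving or rewording the TODO in the same commit.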
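Review bot: In the CVE-2009-2287 hunk (@@ -79,7 +80,7 @@), linux-2.6 is now recorded as fixed in 2.6.30-2, but the unchanged context directly below still reads "NOTE: upstream 2.6.30 does not contain the patch for this issue" and "TODO: check 2.6.31 when it is released". Side by side these look contradictory unless the fix is carried as a patch on top of upstream 2.6.30 in the package. Suggest rewording the NOTE to say where the 2.6.30-2 fix comes from, and either dropping the TODO or scoping it explicitly to the upstream check.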
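Review bot: In the CVE-2009-1961 hunk (@@ -875,7 +876,7 @@), the fixed version 2.6.30-1 is set with no accompanying NOTE, and the only release-specific line is "[etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19)". Any release shipping a kernel at or after 2.6.19 and before 2.6.30-1 is therefore treated as vulnerable by default. If such a release has already been triaged, an explicit release line would record that; a short NOTE pointing at the source of the 2.6.30-1 version (the log mentions the kernel-sec tracker) would also make the change auditable.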