Author: jmm-guest Date: 2009-08-05 19:17:53 +0000 (Wed, 05 Aug 2009) New Revision: 12488 Modified: data/CVE/list Log: - new minor DoS issue, maintainer has been notified about spu - adapt flash entry to the tracking we applied so far - mark 2.6.24 as also not-affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-05 13:18:57 UTC (rev 12487) +++ data/CVE/list 2009-08-05 19:17:53 UTC (rev 12488) @@ -64,7 +64,7 @@ CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...) NOT-FOR-US: Sorcerer Software MultiMedia Jukebox CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...) - NOT-FOR-US: FreeBSD + TODO: Check, this might affect KFreeBSD CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...) NOT-FOR-US: FlashDen Guestbook CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...) @@ -93,6 +93,10 @@ NOTE: CVE id request on oss-sec CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) NOT-FOR-US: BlackBerry Products +CVE-2009-XXXX [ser2net DoS] + - set2net <unfixed> (low; bug #535159) + [etch] - ser2net <no-dsa> (Minor issue) + [lenny] - ser2net <no-dsa> (Minor issue) CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to ...) NOT-FOR-US: Desi Short URL CVE-2009-2641 (PHP remote file inclusion vulnerability in ...) 
@@ -702,11 +706,13 @@ {DSA-1845-1 DSA-1844-1} - linux-2.6 2.6.30-5 (medium) [etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18) + [etch] - linux-2.6 <not-affected> (ecryptfs not yet present) - linux-2.6.24 <removed> CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in ...) {DSA-1845-1 DSA-1844-1} - linux-2.6 2.6.30-5 (medium) [etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18) + [etch] - linux-2.6 <not-affected> (ecryptfs not yet present) - linux-2.6.24 <removed> CVE-2009-2405 RESERVED @@ -2098,7 +2104,7 @@ CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...) TODO: check CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...) - - flashplugin-nonfree <unfixed> (bug #538240) + NOT-FOR-US: Adobe Flash Player CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe Reader CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...) @@ -3427,7 +3433,7 @@ NOTE: potential for kernel memory corruption by remote attacker CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...) - linux-2.6 <not-affected> (problem in redhat-specific kernel patches) - - linux-2.6.24 <removed> + - linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches) NOTE: i can''t find the ptrace_start() code in any of the debian kernels, NOTE: so my best guess is that this is a problem in a redhat-specific patch NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1388
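Review bot: the CVE-2009-2649 hunk replaces a definitive NOT-FOR-US with a TODO that does not say what to verify; an entry like `TODO: check whether kfreebsd-source/kfreebsd-image ships the ata driver` names the package to inspect and the question to answer, so the item can be closed by whoever picks it up rather than re-investigated from the CVE text.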
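Review bot: the new ser2net entry has a package-name typo on its unstable line, `- set2net <unfixed> (low; bug #535159)`, while the etch and lenny lines below it correctly say `ser2net`; the tracker will treat `set2net` as a separate, nonexistent source package, so the unfixed status and bug #535159 will never be associated with ser2net. It should read `- ser2net <unfixed> (low; bug #535159)`.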
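Review bot: in the ecryptfs hunk (the entry above CVE-2009-2406 and CVE-2009-2406 itself) the added line `[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)` sits next to an unchanged `[etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18)`, so each entry now carries two etch lines for the same package, and the `- linux-2.6.24 <removed>` lines are untouched even though the log says 2.6.24 was to be marked not-affected. Either the old etch line should be removed so the new wording replaces it, or the added line should reference `linux-2.6.24` if that was the intent.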
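Review bot: for CVE-2009-1862 the visible description names Adobe Reader and Acrobat, yet the replacement line says `NOT-FOR-US: Adobe Flash Player`, and the previous entry CVE-2009-1863 (explicitly Flash Player) is left at `TODO: check`, so the two Flash-related entries are now tracked inconsistently. Dropping `- flashplugin-nonfree <unfixed> (bug #538240)` also loses the only link to that bug; if flashplugin-nonfree is deliberately not tracked for this issue, a NOTE line giving the reason and the bug number would preserve that history.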
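Review bot: the CVE-2009-1388 hunk changes linux-2.6.24 from `<removed>` to `<not-affected>` while the ecryptfs entries earlier in this same diff keep `- linux-2.6.24 <removed>`, so the package's status convention is now inconsistent across entries; pick one form or note why this entry differs. The `<not-affected>` marking for both kernel packages also rests on the NOTE's own wording ("my best guess is that this is a problem in a redhat-specific patch"); recording what was actually checked (e.g. that no ptrace_start() exists in the Debian kernel/ptrace.c sources) or leaving a TODO would make the status defensible.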