Author: gilbert-guest Date: 2009-10-28 21:58:33 +0000 (Wed, 28 Oct 2009) New Revision: 13126 Modified: data/CVE/list Log: kernel-sec was unable to find any info about cve-2004-1191 - assuming that previous tracking is correct, this was fixed in the sarge kernel - thus assuming that at some point in that timeframe, fixes were pushed upstream Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-28 21:22:32 UTC (rev 13125) +++ data/CVE/list 2009-10-28 21:58:33 UTC (rev 13126) @@ -76977,8 +76977,9 @@ CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed [sarge] - kernel-source-2.6.8 2.6.8-16 - TODO: check linux-2.6 - kernel-source-2.4.27 2.4.27-6 + - linux-2.6 <not-affected> (fixed before initial upload) + - linux-2.6.24 <not-affected> (fixed before initial upload) CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c NOTE: has a misleading entry titled "Fix exploitable hole"