Author: joeyh
Date: 2009-11-06 09:14:39 +0000 (Fri, 06 Nov 2009)
New Revision: 13221
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-11-06 00:54:30 UTC (rev 13220)
+++ data/CVE/list 2009-11-06 09:14:39 UTC (rev 13221)
@@ -615,11 +615,11 @@
[etch] - wordpress <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier
allows ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before
...)
- {DSA-1927-1}
+ {DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-3619
@@ -643,12 +643,12 @@
[lenny] - liboping <not-affected> (doesn''t have -f option yet)
[etch] - liboping <not-affected> (doesn''t have -f option yet)
CVE-2009-3613 (The swiotlb functionality in the r8169 driver in
drivers/net/r8169.c ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.29-1 (medium)
- linux-2.6.24 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink
...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
NOTE: fixed in 2.6.32-rc5
@@ -817,7 +817,7 @@
CVE-2009-3548
RESERVED
CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before
...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (high)
- linux-2.6.24 <removed> (high)
NOTE: being exploited in the wild
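Review bot: In the CVE-2009-3547 entry the package line still reads `- linux-2.6 <unfixed> (high)` and the NOTE says the issue is being exploited in the wild, so the three DSA references now attached must not be read as closing the entry. Anyone consuming this file should take status from the package lines rather than from the presence of a DSA list, and the `<unfixed>` marker should be replaced with the fixed version as soon as one is uploaded.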
@@ -1503,7 +1503,7 @@
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions,
does ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed>
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows
remote ...)
@@ -1585,7 +1585,7 @@
- openoffice.org <not-affected>
NOTE: SUSE says that it is not a dup of CVE-2009-2139 and CVE-2009-2140...
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the
Linux ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
...)
@@ -1597,7 +1597,7 @@
- dovecot 1:1.2.1-1 (medium; bug #546656)
NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few
additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc
subsystem ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6
and ...)
@@ -2404,12 +2404,12 @@
CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers
to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain
data ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
NOTE: minor info leaks
CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux
kernel ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
NOTE: minor info leak
@@ -2874,15 +2874,15 @@
- systemtap 1.0-2 (bug #551918)
[lenny] - systemtap <not-affected> (Affected functionality only added in
1.0)
CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on
the ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <unfixed> (medium)
CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the
Linux ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
- linux-2.6.24 <removed> (medium)
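Review bot: CVE-2009-2910 gains DSA-1928-1 but keeps `- linux-2.6.24 <unfixed> (medium)`, the only linux-2.6.24 line in this commit that is not `<removed>` or `<not-affected>`. Worth checking whether it should read `<removed>` like its neighbours, since as written the entry reports the package as still vulnerable next to an advisory reference. The CVE-2009-2908 entry in the same hunk looks consistent: it adds DSA-1928-1 without DSA-1929-1 and carries `[etch] - linux-2.6 <not-affected>`.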
@@ -2897,7 +2897,7 @@
CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in
...)
- openssh <not-affected> (issue with homechroot patch specific to Red
Hat)
CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-2902
@@ -3046,22 +3046,22 @@
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has
unknown ...)
NOT-FOR-US: Electronic Logbook
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before
2.6.30.2 ...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-4 (medium)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (medium)
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and
...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel
2.4 ...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component
...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
@@ -5976,6 +5976,7 @@
- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in
the ...)
+ {DSA-1929-1}
- linux-2.6 2.6.19-1 (unimportant)
- linux-2.6.24 <not-affected> (problem was fixed before first upload,
2.6.19)
NOTE: See Solar Designer''s posting to oss-security
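Review bot: The CVE-2009-1883 entry now carries `{DSA-1929-1}` but is still rated `(unimportant)`, with linux-2.6 fixed in 2.6.19-1 and linux-2.6.24 `<not-affected>`, and it has no release-tagged line like the `[lenny] - linux-2.6 2.6.26-19` lines in the CVE-2009-2846 to CVE-2009-2849 entries. Either add a release-tagged line recording the version the advisory fixed, or revisit the `unimportant` rating, because the entry as it stands gives no indication of which package version the new advisory reference applies to.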