Author: jmm-guest
Date: 2010-01-31 11:21:13 +0000 (Sun, 31 Jan 2010)
New Revision: 13980
Modified:
data/CVE/list
Log:
mod-apache-perl fixed
record kernel fixes from latest stable point update
add bugnums
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-01-31 09:14:41 UTC (rev 13979)
+++ data/CVE/list 2010-01-31 11:21:13 UTC (rev 13980)
@@ -1686,6 +1686,7 @@
CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4
...)
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux
...)
- linux-2.6 2.6.32-2 (low)
@@ -2113,6 +2114,7 @@
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9,
when ...)
- linux-2.6 2.6.32-3 (medium)
[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik
before ...)
- piwik <itp> (bug #506933)
@@ -2385,6 +2387,7 @@
CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86
...)
{DSA-1962-1}
- linux-2.6 2.6.32-3 (low)
+ [lenny] - linux-2.6 2.6.26-21
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed> (low; bug #562075)
@@ -2443,6 +2446,7 @@
NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux
kernel ...)
- linux-2.6 2.6.32-3 (medium)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
not ...)
- mysql-dfsg-5.1 5.1.41-1
@@ -2500,6 +2504,7 @@
NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in
the ...)
- linux-2.6 2.6.32-1 (low)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before
11.5.6.606 ...)
NOT-FOR-US: Adobe Shockwave Player
@@ -2610,10 +2615,12 @@
NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
- linux-2.6 2.6.32-1 (medium)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse
subsystem in ...)
- linux-2.6 2.6.32-1 (low)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final
have ...)
@@ -2796,6 +2803,7 @@
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel
...)
- linux-2.6 2.6.27-1 (low)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel
before ...)
- linux-2.6 <unfixed> (unimportant)
@@ -2803,7 +2811,7 @@
NOTE: All Debian kernels have MMU support enabled
CVE-2009-3887 [ytnef path traversal]
RESERVED
- - ytnef <unfixed> (bug filed)
+ - ytnef <unfixed> (bug #567631)
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn''t affect Evolution, the TNEF plugin is external
@@ -3305,6 +3313,7 @@
[etch] - asterisk <no-dsa> (Minor issue)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4
client ...)
- linux-2.6 2.6.31-1 (medium)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not
...)
- linux-2.6 2.6.31-1 (medium)
@@ -3329,7 +3338,7 @@
NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
CVE-2009-3721 [ytnef buffer overflow]
RESERVED
- - ytnef <unfixed> (bug filed)
+ - ytnef <unfixed> (bug #567631)
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn''t affect Evolution, the TNEF plugin is external
@@ -4538,7 +4547,7 @@
NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
RESERVED
- - fuse <unfixed> (bug filed)
+ - fuse <unfixed> (bug #567633)
- samba <unfixed> (bug #567554)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might
allow ...)
@@ -6943,6 +6952,7 @@
- linux-2.6.24 <removed>
CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel
...)
- linux-2.6 2.6.30-7 (low)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed>
CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK,
grants ...)
- sun-java6 6-15-1
@@ -12972,7 +12982,7 @@
CVE-2009-0797
RESERVED
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
- - libapache2-mod-perl2 <unfixed> (low; bug filed)
+ - libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
[lenny] - libapache2-mod-perl2 <no-dsa> (Minor issue)
- apache <removed>
[etch] - apache <no-dsa> (minor issue)