Author: jmm-guest Date: 2010-02-01 18:20:14 +0000 (Mon, 01 Feb 2010) New Revision: 13990 Modified: data/CVE/list Log: kernel fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-01 13:30:31 UTC (rev 13989) +++ data/CVE/list 2010-02-01 18:20:14 UTC (rev 13990) @@ -343,6 +343,7 @@ RESERVED CVE-2010-0291 RESERVED + - linux-2.6 2.6.32-6 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) - bind9 <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7 @@ -912,14 +913,14 @@ CVE-2010-0096 RESERVED CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...) - - linux-2.6 <unfixed> (low; bug #564114) + - linux-2.6 2.6.32-6 (low; bug #564114) - linux-2.6.24 <removed> (low) NOTE: just like CVE-2009-4536 but was reported later CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...) - linux-2.6 <unfixed> (medium; bug #564110) - linux-2.6.24 <removed> (medium) CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...) - - linux-2.6 <unfixed> (low; bug #564114) + - linux-2.6 2.6.32-6 (low; bug #564114) - linux-2.6.24 <removed> (low) CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: Mongoose @@ -1630,10 +1631,10 @@ CVE-2010-0008 RESERVED CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-6 - linux-2.6.24 <removed> CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-6 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28) 
@@ -1646,7 +1647,7 @@ - viewvc <unfixed> TODO: check CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-6 - linux-2.6.24 <removed> CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...) - bash <not-affected> (mandriva-specific packaging issue) @@ -2105,7 +2106,7 @@ CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...) - php5 5.2.12.dfsg.1-1 (medium) CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-6 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28) @@ -2675,7 +2676,7 @@ CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...) - virtualbox-guest-additions 3.0.10-1 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...) - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.32-6 (low) [etch] - linux-2.6 <not-affected> (Vulnerable code not present) - linux-2.6.24 <removed> (low) CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...)
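Review bot: In the @@ -343,6 +343,7 @@ hunk, the added `- linux-2.6 2.6.32-6` line is attached to CVE-2010-0291, which is still RESERVED and has no description, so nothing in the entry records which kernel issue 2.6.32-6 fixed. Add a NOTE line identifying the issue or the fix. Also check whether this entry needs a linux-2.6.24 line and [lenny]/[etch] status lines like the other kernel entries touched in this commit.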
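Review bot: In the @@ -912,14 +913,14 @@ hunk, CVE-2009-4537 (r8169) is left at `- linux-2.6 <unfixed> (medium; bug #564110)` while CVE-2009-4538 and CVE-2009-4536 on either side of it move to 2.6.32-6. It is the only medium-severity entry of the three, so please confirm that 2.6.32-6 really does not carry the r8169 fix. If it does, update that line in the same commit so the tracker does not keep reporting the package as vulnerable.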