Author: joeyh
Date: 2010-02-23 09:14:25 +0000 (Tue, 23 Feb 2010)
New Revision: 14142
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-02-23 04:57:01 UTC (rev 14141)
+++ data/CVE/list 2010-02-23 09:14:25 UTC (rev 14142)
@@ -274,6 +274,7 @@
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel
...)
+ {DSA-2003-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in
...)
@@ -672,7 +673,7 @@
CVE-2010-0416 (Buffer overflow in the Unescape function in
common/util/hxurl.cpp and ...)
TODO: check
CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel
before ...)
- {DSA-1996-1}
+ {DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate
attackers ...)
@@ -690,7 +691,7 @@
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 [kernel OOM via NETLINK_CONNECTOR]
RESERVED
- {DSA-1996-1}
+ {DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
@@ -1481,7 +1482,6 @@
RESERVED
CVE-2010-0160 [vulnerability in web workers]
RESERVED
- {DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <not-affected> (web workers introduced in gecko
1.9.1)
[lenny] - xulrunner <not-affected> (web workers introduced in gecko
1.9.1)
@@ -1725,7 +1725,7 @@
- linux-2.6 <unfixed> (medium; bug #564110)
- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux
kernel ...)
- {DSA-1996-1}
+ {DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-6 (low; bug #564114)
- linux-2.6.24 <removed> (low)
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the
...)
@@ -2436,7 +2436,7 @@
CVE-2010-0008
RESERVED
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the
...)
- {DSA-1996-1}
+ {DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-6
- linux-2.6.24 <removed>
CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux
kernel ...)
@@ -3260,6 +3260,7 @@
NOTE: Only affects installations with trust anchors, but then the
NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux
kernel ...)
+ {DSA-2003-1}
- linux-2.6 2.6.32-3 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
@@ -3314,6 +3315,7 @@
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in
RhinoSoft ...)
NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in
the ...)
+ {DSA-2003-1}
- linux-2.6 2.6.32-1 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
@@ -3439,11 +3441,13 @@
NOTE: workarounds include using 5.3.1 or php5-suhosin
NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
+ {DSA-2003-1}
- linux-2.6 2.6.32-1 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse
subsystem in ...)
+ {DSA-2003-1}
- linux-2.6 2.6.32-1 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
@@ -4130,6 +4134,7 @@
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <end-of-life> (Etch Packages no longer covered by
security support)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4
client ...)
+ {DSA-2003-1}
- linux-2.6 2.6.31-1 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)