Author: gilbert-guest Date: 2011-02-02 04:09:44 +0000 (Wed, 02 Feb 2011) New Revision: 16028 Modified: data/CVE/list Log: kernel-sec sync Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-01 23:23:03 UTC (rev 16027) +++ data/CVE/list 2011-02-02 04:09:44 UTC (rev 16028) @@ -1995,7 +1995,7 @@ [lenny] - pidgin <not-affected> (Vulnerable code not present) CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS ...) {DSA-2153-1} - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-30 CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in ...) {DSA-2153-1} - linux-2.6 2.6.32-30 @@ -2773,7 +2773,7 @@ NOTE: http://core.trac.wordpress.org/changeset/16625 - wordpress 3.0.2-1 (bug #605603) CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...) - - linux-2.6 <unfixed> + - linux-2.6 <not-affected> (introduced in 2.6.35; fixed in 2.6.37) CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ...) - xen 4.0.1-2 (bug #609531) CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...) @@ -2786,7 +2786,7 @@ NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4251 RESERVED - - linux-2.6 <unfixed> + - linux-2.6 <not-affected> (introduced after 2.6.32; fixed in 2.6.37) CVE-2010-4250 [linux inotify memory leak] RESERVED - linux-2.6 <unfixed> @@ -2797,7 +2797,7 @@ {DSA-2153-1} - linux-2.6 2.6.32-29 CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ...) - - linux-2.6 <unfixed> + - linux-2.6 <not-affected> (changes included since introduction of dom0 support) CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...) NOT-FOR-US: pfSense CVE-2010-4245 
@@ -3051,7 +3051,7 @@ CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google ...) - libvpx 0.9.1-2 (bug #602693) CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in ...) - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.32-27 (low) CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...) {DSA-2153-1} - linux-2.6 2.6.32-29 (low) @@ -3703,7 +3703,7 @@ - linux-2.6 2.6.32-30 (low) CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...) {DSA-2126-1} - - linux-2.6 <unfixed> (unimportant) + - linux-2.6 2.6.32-29 (low) CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not ...) {DSA-2126-1} - linux-2.6 2.6.32-28 (low)
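
Review bot: In the CVE-2010-4256 hunk, the reason "introduced in 2.6.35; fixed in 2.6.37" supports <not-affected> only for kernels older than 2.6.35. If any linux-2.6 upload fell in the 2.6.35 to 2.6.36 range, the line should record the first fixed version instead. Otherwise, add a NOTE: line saying that no affected version was ever uploaded, so the status can be checked from the entry itself.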
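
Review bot: For CVE-2010-4251, the reason "introduced after 2.6.32" is less specific than the one given for CVE-2010-4256 in the previous hunk, which names the introducing version. The entry is also still RESERVED, with no description to check the claim against. A NOTE: line pointing at the introducing and fixing upstream changes would let the next reader verify the <not-affected> status.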
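
Review bot: In the CVE-2010-4247 hunk, the reason "changes included since introduction of dom0 support" does not say which linux-2.6 version introduced dom0 support, so the <not-affected> status cannot be confirmed from the entry. Name that version in the parenthetical or in a NOTE: line.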
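
Review bot: In the CVE-2010-3874 hunk, the urgency changes from (unimportant) to (low) on the same line that records the fixed version 2.6.32-29, and the log message "kernel-sec sync" does not mention a severity change. State the reason for the new urgency in the commit message, or commit it separately, so it is not read as a side effect of the version update.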