Author: jmm Date: 2011-06-06 15:05:33 +0000 (Mon, 06 Jun 2011) New Revision: 16780 Modified: data/CVE/list Log: new kernel issues new nfs-utils and glibc issues NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-06-06 04:49:59 UTC (rev 16779) +++ data/CVE/list 2011-06-06 15:05:33 UTC (rev 16780) @@ -1,3 +1,10 @@ +CVE-2011-2184 [race condition in KSM] + - linux-2.6 <unfixed> + [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39) + [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39) +CVE-2011-2183 [race condition in KSM] + - linux-2.6 <unfixed> + [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2011-XXXX [login: tty hijacking possible in "su" via TIOCSTI ioctl] - shadow <unfixed> (bug #628843) NOTE: CVE requested http://www.openwall.com/lists/oss-security/2011/06/02/3 @@ -1139,7 +1146,9 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906 CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE] RESERVED - TODO: check + - nfs-utils <unfixed> (low; bug #629420) + [squeeze] - nfs-utils <no-dsa> (Minor issue) + [lenny] - nfs-utils <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...) - linux-2.6 <unfixed> @@ -1192,9 +1201,9 @@ CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment before 6.3 ...) NOT-FOR-US: HP Virtual Server Environment CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: WEC Discussion Forum CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum ...) - TODO: check + NOT-FOR-US: WEC Discussion Forum CVE-2011-1721 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: WebJaxe CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x ...) @@ -1344,7 +1353,9 @@ CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: GrapeCity Data Dynamics Reports CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...) - TODO: check + - eglibc <unfixed> + - glibc <removed> + NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...) TODO: check CVE-2011-1657 @@ -1720,7 +1731,6 @@ - dtc-xen <unfixed> (bug #611680) [squeeze] - dtc-xen <no-dsa> (minor issue) [lenny] - dtc-xen <no-dsa> (minor issue) - TODO: request CVE id NOTE: maintainer claims you shouldn''t grant access to the SOAP daemon to a user you do not trust. CVE-2011-1517 RESERVED