Author: kees Date: 2009-10-22 23:55:28 +0000 (Thu, 22 Oct 2009) New Revision: 13071 Modified: data/CVE/list Log: NFUs: 1, unfixed: libgd2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-22 22:09:28 UTC (rev 13070) +++ data/CVE/list 2009-10-22 23:55:28 UTC (rev 13071) @@ -420,6 +420,7 @@ CVE-2009-3547 RESERVED CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the ...) + - libgd2 <unfixed> (medium) - php5 <not-affected> (the php packages use the system libgd2) NOTE: http://svn.php.net/viewvc?view=revision&revision=289557 NOTE: <20091015173822.084de220 at redhat.com> in OSS-sec @@ -428,7 +429,7 @@ CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source ...) NOT-FOR-US: Xerver HTTP Server CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...) - TODO: check + NOT-FOR-US: FreeBSD (kernel kqueue) CVE-2009-3526 RESERVED CVE-2009-XXXX [php5''s pear is vulnerable to symlink attacks]
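Review bot: In the CVE-2009-3546 hunk, the new `- libgd2 <unfixed> (medium)` line carries no bug reference or NOTE saying where the libgd2 fix is tracked. Both existing NOTE lines point at the PHP revision and the OSS-sec message. Since the php5 line right below it defers to the system libgd2, a NOTE or bug number for the libgd2 side would let a later reader confirm when `<unfixed>` can be replaced with a fixed version.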
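Review bot: In the CVE-2009-3527 hunk, replacing `TODO: check` with `NOT-FOR-US: FreeBSD (kernel kqueue)` takes the entry out of tracking without recording that anything was checked. The description names FreeBSD 6.3 and 6.4 kernel code, and the reply in this thread points out that Debian ships FreeBSD kernels. Keep `TODO: check` until it is determined whether those kernels are affected, then record the result as a package entry rather than NOT-FOR-US.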
Michael Gilbert
2009-Oct-23 03:08 UTC
[Secure-testing-team] [Secure-testing-commits] r13071 - data/CVE
On Thu, 22 Oct 2009 23:55:29 +0000 Kees Cook wrote:
> CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
> - TODO: check
> + NOT-FOR-US: FreeBSD (kernel kqueue)

debian does have freebsd kernels. are you sure that they are not affected?

mike
Kees Cook
2009-Oct-23 03:14 UTC
[Secure-testing-team] [Secure-testing-commits] r13071 - data/CVE
Hi Michael,

On Thu, Oct 22, 2009 at 11:08:57PM -0400, Michael Gilbert wrote:
> On Thu, 22 Oct 2009 23:55:29 +0000 Kees Cook wrote:
> > CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
> > - TODO: check
> > + NOT-FOR-US: FreeBSD (kernel kqueue)
>
> debian does have freebsd kernels. are you sure that they are not
> affected?

Argh! I keep forgetting about that. Apologies, I've reverted that change.

-Kees

--
Kees Cook @outflux.net