[Secure-testing-commits] r3021 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Dec 12 23:42:19 UTC 2005 

Author: jmm-guest
Date: 2005-12-12 23:42:15 +0000 (Mon, 12 Dec 2005)
New Revision: 3021

Modified:
   data/CVE/list
Log:
more kernel and syntax updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-12 23:18:07 UTC (rev 3020)
+++ data/CVE/list	2005-12-12 23:42:15 UTC (rev 3021)
@@ -14682,27 +14682,23 @@
 CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
 	NOT-FOR-US: oracle
 CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
-	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.6.9 2.6.9-6
-	- kernel-source-2.6.10 2.6.10-1
+	- linux-2.6 <not-affected> (Fixed before upload into archive)
+	[sarge] - kernel-source-2.6.8 2.6.8-14
+	TODO: Check, when this was fixed
 CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
 	- tetex-bin 2.0.2-25
 CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+	[sarge] - kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.4.27 2.4.27-9
 CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
-	NOTE: apparantly 2.6 only
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+	[sarge] - kernel-source-2.6.8 2.6.8-11
+	- kernel-source-2.4.27 <not-affected>
 CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+	[sarge] - kernel-source-2.6.8 2.6.8-11
 	- kernel-source-2.4.27 2.4.27-9
-	NOTE: will be fixed in 2.4.27-9
 CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
 	NOT-FOR-US: hpux
 CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
@@ -14735,7 +14731,7 @@
 	{DSA-627-1}
 	- namazu2 2.0.14-1
 CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
-	NOTE: apparently only affects netcat in windows
+	- netcat <not-affected> (only affects netcat in Windows)
 CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
 	- mozilla 2:1.7.5-1 (bug #288047)
 CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
@@ -14747,11 +14743,11 @@
 CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
 	NOT-FOR-US: Microsoft
 CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
-	NOT-FOR-US: mplayer
+	- mplayer <itp>
 CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
-	NOT-FOR-US: mplayer
+	- mplayer <itp>
 CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
-	NOT-FOR-US: mplayer
+	- mplayer <itp>
 CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
 	{DSA-617-1}
 	- tiff 3.6.1-4
@@ -14781,8 +14777,7 @@
 CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
 	- groff 1.18.1.1-5
 CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
-	NOTE: uml_net is only executable by users in group uml-net in Debian
-	NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
+	- uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
 CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
 	- tnftp <unfixed> (bug #285902; medium)
 CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
@@ -14806,7 +14801,6 @@
 CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
 	NOT-FOR-US: mplayer
 CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
-	NOTE: non-free
 	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
 	- mpg123 0.59r-20 (bug #287043)
 CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
@@ -14906,14 +14900,15 @@
 CVE-2004-1238
 	REJECTED
 CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
-	NOTE: apparently redhat specific
+	- linux-2.6 <not-affected> (Apparently Red Hat specific)
 CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
 	NOT-FOR-US: Netscape Directory Server on HP-UX
 CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
-	- linux-2.6 2.6.12-1 (bug #289202; high)
+	- linux-2.6 <not-affected> (Fixed before upload into archive)
+	TODO: Check, when this was fixed
 	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
 CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
-	NOTE: fixed after 2.4.25
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
 CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
 	NOT-FOR-US: Gadu-Gadu
 CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)

More information about the Secure-testing-commits mailing list