[Secure-testing-commits] r3021 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Dec 12 23:42:19 UTC 2005
Author: jmm-guest
Date: 2005-12-12 23:42:15 +0000 (Mon, 12 Dec 2005)
New Revision: 3021
Modified:
data/CVE/list
Log:
more kernel and syntax updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-12 23:18:07 UTC (rev 3020)
+++ data/CVE/list 2005-12-12 23:42:15 UTC (rev 3021)
@@ -14682,27 +14682,23 @@
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
- - kernel-source-2.6.8 2.6.8-14
- - kernel-source-2.6.9 2.6.9-6
- - kernel-source-2.6.10 2.6.10-1
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ [sarge] - kernel-source-2.6.8 2.6.8-14
+ TODO: Check, when this was fixed
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
- NOTE: Fixed in upstream 2.6.10
- - kernel-source-2.6.8 2.6.8-11
- - kernel-source-2.6.9 2.6.9-4
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+ [sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
- NOTE: apparantly 2.6 only
- NOTE: Fixed in upstream 2.6.10
- - kernel-source-2.6.8 2.6.8-11
- - kernel-source-2.6.9 2.6.9-4
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+ [sarge] - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
- NOTE: Fixed in upstream 2.6.10
- - kernel-source-2.6.8 2.6.8-11
- - kernel-source-2.6.9 2.6.9-4
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+ [sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-9
- NOTE: will be fixed in 2.4.27-9
CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
NOT-FOR-US: hpux
CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
@@ -14735,7 +14731,7 @@
{DSA-627-1}
- namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
- NOTE: apparently only affects netcat in windows
+ - netcat <not-affected> (only affects netcat in Windows)
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
- mozilla 2:1.7.5-1 (bug #288047)
CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
@@ -14747,11 +14743,11 @@
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
- NOT-FOR-US: mplayer
+ - mplayer <itp>
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
- NOT-FOR-US: mplayer
+ - mplayer <itp>
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
- NOT-FOR-US: mplayer
+ - mplayer <itp>
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
{DSA-617-1}
- tiff 3.6.1-4
@@ -14781,8 +14777,7 @@
CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
- groff 1.18.1.1-5
CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
- NOTE: uml_net is only executable by users in group uml-net in Debian
- NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
+ - uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
- tnftp <unfixed> (bug #285902; medium)
CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
@@ -14806,7 +14801,6 @@
CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
NOT-FOR-US: mplayer
CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
- NOTE: non-free
NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
- mpg123 0.59r-20 (bug #287043)
CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
@@ -14906,14 +14900,15 @@
CVE-2004-1238
REJECTED
CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
- NOTE: apparently redhat specific
+ - linux-2.6 <not-affected> (Apparently Red Hat specific)
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
- - linux-2.6 2.6.12-1 (bug #289202; high)
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
- NOTE: fixed after 2.4.25
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
NOT-FOR-US: Gadu-Gadu
CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
More information about the Secure-testing-commits
mailing list