[Secure-testing-commits] r3044 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 14 20:48:03 UTC 2005 

Author: jmm-guest
Date: 2005-12-14 20:47:57 +0000 (Wed, 14 Dec 2005)
New Revision: 3044

Modified:
   data/CVE/list
   data/DSA/list
Log:
kernel DSAs are coming


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-14 20:33:42 UTC (rev 3043)
+++ data/CVE/list	2005-12-14 20:47:57 UTC (rev 3044)
@@ -2771,7 +2771,6 @@
 	- linux-2.6 2.6.13-1 (low)
 	- kernel-source-2.4.27 2.4.27-11 (low)
 	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
-	[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
 CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
 	- linux-2.6 2.6.13-1 (low)
 	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
@@ -4258,7 +4257,7 @@
 	- courier 0.47-8 (medium; bug #325631)
 CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
 	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
-	- kernel-source-2.4.27 2.4.27-10sarge1
+	TODO: When was this fixed in sid for 2.4?
 	NOTE: this was fixed upstream in 2.6.11 (See bug #328395)
 	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
@@ -4269,7 +4268,6 @@
 	NOTE: of ipt_recent the best solution, which seems to occur soon
 CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
 	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
-	[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (medium)
 	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
 	{DSA-798-1}
@@ -5001,8 +4999,7 @@
 CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
 	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
 CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
-	- kernel-source-2.4.27 2.4.27-10sarge1 (bug #323363; medium)
-	- kernel-source-2.4.27 2.4.27-12 (medium)
+	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
 CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
 	NOT-FOR-US: Integrated Light Out in HP servers
 CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
@@ -5227,9 +5224,8 @@
 CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
 	{DTSA-16-1}
 	- linux-2.6 2.6.12-3 (bug #323173; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
+	[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (medium)
 	- kernel-source-2.4.27 2.4.27-12 (medium)
-	- kernel-source-2.4.27 2.4.27-10sarge1
 CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Eudora
 CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-12-14 20:33:42 UTC (rev 3043)
+++ data/DSA/list	2005-12-14 20:47:57 UTC (rev 3044)
@@ -1,3 +1,7 @@
+[14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several
+	{CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801 CVE-2005-2872 CVE-2005-3275}
+	[sarge] - kernel-source-2.4.27 2.4.27-10sarge1
+	NOTE: fixed in testing at time of DSA
 [13 Dec 2005] DSA-920-1 ethereal - buffer overflow
 	{CVE-2005-3651}
 	[woody] - ethereal 0.9.4-1woody14

More information about the Secure-testing-commits mailing list