[Secure-testing-commits] r3095 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Dec 19 11:57:34 UTC 2005
Author: jmm-guest
Date: 2005-12-19 11:57:28 +0000 (Mon, 19 Dec 2005)
New Revision: 3095
Modified:
data/CVE/list
Log:
kernel updates from dannf and horms
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-19 09:14:20 UTC (rev 3094)
+++ data/CVE/list 2005-12-19 11:57:28 UTC (rev 3095)
@@ -2384,8 +2384,8 @@
- linux-2.6 2.6.14-4
- kernel-source-2.4.27 <not-affected>
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
- - linux-2.6 2.6.14-4
- - kernel-source-2.4.27 <not-affected>
+ - linux-2.6 2.6.14-4 (low)
+ - kernel-source-2.4.27 2.4.27-13 (low)
CVE-2005-XXXX [Insecure temp file usage in migrationtools]
- migrationtools <unfixed> (bug #338920; medium)
CVE-2005-XXXX [user logout in drupal has no effect]
@@ -2849,9 +2849,9 @@
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
NOT-FOR-US: SurgeMail
CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
- - linux-2.6 <not-affected> (fixed upstream in 2.6.6)
- [sarge] - kernel-source-2.6.8 <not-affected> (fixed upstream in 2.6.6)
- TODO: check 2.4.27
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
+ - kernel-source-2.4.27 <not-affected>
+ [sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
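Review bot: The new kernel-source-2.4.27 `<not-affected>` line for CVE-2004-2536 replaces "TODO: check 2.4.27" without giving a reason, while the two neighbouring lines both carry one. The description limits the issue to "Linux kernel 2.6 through 2.6.5", so if that is the basis, say so in a parenthetical on the 2.4.27 line. The reworded reason "Fixed before upload into archive; 2.6.6" is also less explicit than the "fixed upstream in 2.6.6" it replaces, since it no longer says what 2.6.6 refers to; keeping the word "upstream" would avoid that.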
@@ -8636,9 +8636,9 @@
- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
{DSA-922-1 DSA-921-1}
- - linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Add which revision fixed this
- - kernel-source-2.4.27 2.4.27-11 (unknown)
+ - linux-2.6 2.6.12-1
+ - kernel-source-2.4.27 <not-affected> (amd64 specific and 2.4/amd64 not supported)
+ NOTE: This was fixed in 2.4.27-11, but amd64 is not supported for 2.4 (it's amd64 speficic)
CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
{DSA-826-1}
- helix-player 1.0.5-1 (bug #316276; high)
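Review bot: In the CVE-2005-1767 entry the kernel-source-2.4.27 line becomes `<not-affected>` while the NOTE added right below it says the issue "was fixed in 2.4.27-11", and the entry still lists {DSA-922-1 DSA-921-1}. Those two statements pull in different directions: the status line now drops the fixed version that the removed line recorded. Either keep 2.4.27-11 as the fixed version and put the amd64 remark in the NOTE, or state in the NOTE which packages the listed DSAs cover. The NOTE also repeats the parenthetical on the line above and contains the typo "speficic". The new linux-2.6 2.6.12-1 line has no severity, where the removed 2.4.27 line at least carried (unknown).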
@@ -12894,8 +12894,9 @@
[sarge] - kernel-source-2.6.8 2.6.8-14
TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker
TODO: check, when this was fixed in 2.6
-CVE-2005-0528
+CVE-2005-0528 [mremap kernel issue]
RESERVED
+ TODO: Fixed for Woody, check 2.4 and 2.6
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
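Review bot: The TODO added under CVE-2005-0528, "Fixed for Woody, check 2.4 and 2.6", does not name the package, version or advisory that carried the Woody fix, so whoever picks it up has nothing to start from. Adding that reference, and naming the source packages to check (kernel-source-2.4.27, linux-2.6) as the other entries do, would make it actionable. The entry is still marked RESERVED, so the bracketed "[mremap kernel issue]" description is the only record of what it covers; a short NOTE with the origin of that description would help.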