[Secure-testing-commits] r451 - sarge-checks/CAN
Micah Anderson
micah@costa.debian.org
Sat, 19 Feb 2005 18:11:02 +0100
Author: micah
Date: 2005-02-19 18:10:59 +0100 (Sat, 19 Feb 2005)
New Revision: 451
Modified:
sarge-checks/CAN/list
Log:
Resolved a few of the new kernel CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-19 11:38:01 UTC (rev 450)
+++ sarge-checks/CAN/list 2005-02-19 17:10:59 UTC (rev 451)
@@ -998,13 +998,22 @@
- kernel-source-2.6.10 2.6.10-4
CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 has ...)
NOTE: see USN-82-1
- NOTE: micah checking with kernel team
+ NOTE: <joshk> i don't know anything about the tty layer...but i can tell that this is just trying to prevent a possible race
+ NOTE: <joshk> i'm going to have to run this by alan cox
+ TODO: Re-check with kernel team later about 2.4.27
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-6
CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
+ NOTE: According to joshk, doesn't apply to 2.4.27
NOTE: see USN-82-1
- NOTE: micah checking with kernel team
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-6
CAN-2005-0176 (The shmctl function in Linux before 2.6.8.1 allows local users to ...)
NOTE: see USN-82-1
- NOTE: micah checking with kernel team
+ NOTE: only affects 2.6.9
+ - kernel-source-2.6.9 2.6.9-6
CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
- php4 4:4.3.10-3
CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
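Review bot: In the CAN-2005-0178 entry, the fixed versions (2.6.8-14, 2.6.9-6, 2.6.10-6) are recorded next to two verbatim chat quotes that say the analysis is still open ("i'm going to have to run this by alan cox"). A reader cannot tell from this whether the 2.6 status is confirmed or provisional. Consider replacing the quotes with a one-line summary of what was concluded and keeping the TODO for 2.4.27 as the only open item. In CAN-2005-0176, "NOTE: only affects 2.6.9" appears to conflict with the summary text "Linux before 2.6.8.1", so a short reason why 2.6.8 and 2.4.27 are not affected would help the next person who audits the entry. Minor style point: in CAN-2005-0177 the new NOTE is placed above "NOTE: see USN-82-1", while the other two entries add their notes below it.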
@@ -1537,7 +1546,8 @@
NOTE: Fixed in upstream 2.6.10
- kernel-source-2.6.8 2.6.8-11
- kernel-source-2.6.9 2.6.9-4
- NOTE: micah checking with kernel team, what about 2.4?
+ - kernel-source-2.4.27 2.4.27-9
+ NOTE: will be fixed in 2.4.27-9
CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
NOTE: not-for-us (hpux)
CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
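Review bot: The added line "- kernel-source-2.4.27 2.4.27-9" records a fixed version, while the NOTE directly below it says "will be fixed in 2.4.27-9", so the fix is not yet available. Anything that reads the package lines will treat 2.4.27 as resolved before that upload exists. Consider tracking this as a TODO, as the first hunk does for CAN-2005-0178, until 2.4.27-9 is actually in the archive, and then dropping the "will be" note. The new NOTE also sits after the package lines, whereas the existing "NOTE: Fixed in upstream 2.6.10" in this entry comes before them.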