[Secure-testing-commits] r2558 - data/CVE

Micah Anderson micah at costa.debian.org
Mon Oct 24 17:09:24 UTC 2005 

Author: micah
Date: 2005-10-24 17:09:18 +0000 (Mon, 24 Oct 2005)
New Revision: 2558

Modified:
   data/CVE/list
Log:
Updated kernel CVEs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-24 15:34:14 UTC (rev 2557)
+++ data/CVE/list	2005-10-24 17:09:18 UTC (rev 2558)
@@ -59,16 +59,24 @@
 	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
 	- linux-2.6 2.6.12-2
+	- kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
 	- linux-2.6 2.6.13-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- kernel-source-2.4.27 2.4.27-10sarge1
 CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
 	- linux-2.6 2.6.13-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- kernel-source-2.4.27 2.4.27-10sarge1
 CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...)
 	- linux-2.6 2.6.12-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
 	- linux-2.6 2.6.12-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
 	- linux-2.6 <not-affected> (Fixed before linux-2.6 was introduced)
+	- kernel-source-2.6.8 2.6.8-16sarge1
 CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-3269 (Unspecified &quot;security exposure&quot; in the HTTP Admin interface for Sun ...)
@@ -1506,8 +1514,9 @@
 	{DSA-793-1}
 	- courier 0.47-8 (medium; bug #325631)
 CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
-	- kernel-source-2.4.27 2.4.27-11 (medium)
-	TODO: check what version of linux-2.6 fixed this. (See bug #328395)
+	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
+	- kernel-source-2.4.27 2.4.27-10sarge1
+	NOTE: this was fixed upstream in 2.6.11 (See bug #328395)
 	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
 	- kernel-source-2.4.27 <unfixed> (bug #332228; low)
@@ -2242,7 +2251,7 @@
 CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
 	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
 CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
-	- kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium)
+	- kernel-source-2.4.27 2.4.27-10sarge1 (bug #323363; medium)
 	- kernel-source-2.4.27 2.4.27-12 (medium)
 CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
 	NOT-FOR-US: Integrated Light Out in HP servers

More information about the Secure-testing-commits mailing list