[Secure-testing-commits] r2100 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Sep 22 20:42:07 UTC 2005
Author: jmm-guest
Date: 2005-09-22 20:42:03 +0000 (Thu, 22 Sep 2005)
New Revision: 2100
Modified:
data/CAN/list
Log:
map some more 2.6 kernel issues onto linux-2.6
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-22 19:32:07 UTC (rev 2099)
+++ data/CAN/list 2005-09-22 20:42:03 UTC (rev 2100)
@@ -1555,7 +1555,7 @@
- ssh (unfixed; bug #314645; low)
CAN-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...)
{DTSA-16-1}
- NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9
+ NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
- kernel-image-2.6.8-i386 (unfixed; bug #309308; low)
NOTE: 2.6.12-1 contained a partially broken fix
- linux-2.6 2.6.12-6 (low)
@@ -9675,8 +9675,11 @@
NOTE: not-for-us (Sami HTTP Server)
CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
- NOTE: Seems to be stuck with the ABI bump / debian-installer problem
+ NOTE: The vulnerable code has been removed from the kernel in favor of a better
+ NOTE: fix between 2.6.11 and 2.6.12, see
+ NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82"
- kernel-source-2.6.8 (unfixed; bug #295949; high)
+ - linux-2.6 not-affected
TODO: verify if it's fixed in linux-2.6
CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
{DSA-696-1}
More information about the Secure-testing-commits
mailing list