[Secure-testing-commits] r4565 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Aug 14 19:21:00 UTC 2006 

Author: jmm-guest
Date: 2006-08-14 19:20:58 +0000 (Mon, 14 Aug 2006)
New Revision: 4565

Modified:
   data/CVE/list
Log:
- multiple kernel fixes from the kernel-sec repo
- gforge fixed
- elmo fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-14 17:11:54 UTC (rev 4564)
+++ data/CVE/list	2006-08-14 19:20:58 UTC (rev 4565)
@@ -1016,7 +1016,7 @@
 CVE-2006-3635
 	RESERVED
 CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.17-1 (medium)
 	- linux-2.6.16 <not-affected> (introduced in 2.6.17-rc4)
 CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
 	NOT-FOR-US: shiela
@@ -6435,9 +6435,8 @@
 	{DSA-1097-1}
 	- linux-2.6 2.6.16-15
 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
-	- linux-2.6 <unfixed>
-	- linux-2.6.16 <unfixed>
-	NOTE: Possibly not-affected, needs further checking
+	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
+	- linux-2.6.16 <not-affected> (Only affects 2.4 kernels)
 CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
 	NOT-FOR-US: Veritas Backup
 CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
@@ -8237,8 +8236,8 @@
 	NOT-FOR-US: McAfee WebShield
 CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
 	{DSA-1103}
-	- linux-2.6 <unfixed> (bug #365375; low)
-	- linux-2.6.16 <unfixed> (bug #365375; low)
+	- linux-2.6 2.6.16-1 (bug #365375; low)
+	- linux-2.6.16 2.6.16-1 (bug #365375; low)
 CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
 	{DSA-1103}
 	- linux-2.6 2.6.15-8
@@ -14968,7 +14967,7 @@
 	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
 	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
 	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
-	- linux-2.6 <unfixed> (bug #332381; low)
+	- linux-2.6 2.6.18-1 (bug #332381; low)
 	- linux-2.6.16 <unfixed> (bug #332381; low)
 	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
 	NOTE: of ipt_recent the best solution, which seems to occur soon
@@ -16143,11 +16142,9 @@
 CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
 	- gforge (bug #328224; unimportant)
 	NOTE: Direct flooding is possible as well in most circumstances.
-	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
 CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
 	{DSA-1094-1}
-	- gforge (bug #328224; medium)
-	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
+	- gforge 4.5.14-9 (bug #328224; medium)
 CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
 	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
 CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
@@ -17165,8 +17162,7 @@
 	{DSA-761-2}
 	- heartbeat 1.2.3-12 (bug #318287; medium)
 CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
-	- elmo <unfixed> (bug #318291; medium)
-	NOTE: upload to unstable still hasn't occurred (2005-09-18)
+	- elmo 1.3.0-1.1 (bug #318291; low)
 CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
 	NOT-FOR-US: Blog Torrent
 CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)

More information about the Secure-testing-commits mailing list