[Secure-testing-commits] r4393 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Jul 15 11:11:16 UTC 2006
Author: stef-guest
Date: 2006-07-15 11:11:13 +0000 (Sat, 15 Jul 2006)
New Revision: 4393
Modified:
data/CVE/list
Log:
- start tracking linux-2.6.16;
- cleanup linux issues fixed some time ago:
CVE-2006-0557
CVE-2006-0457
CVE-2006-0095
CVE-2005-3805
CVE-2005-3784
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-07-15 10:36:44 UTC (rev 4392)
+++ data/CVE/list 2006-07-15 11:11:13 UTC (rev 4393)
@@ -1355,6 +1355,7 @@
TODO: check
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
- linux-2.6 2.6.17-3
+ - linux-2.6.16 <unfixed>
CVE-2006-2933
RESERVED
CVE-2006-2932
@@ -2089,6 +2090,7 @@
NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
- linux-2.6 <unfixed> (low)
+ - linux-2.6.16 <unfixed> (low)
CVE-2006-2628
RESERVED
CVE-2006-2627
@@ -3855,8 +3857,10 @@
- freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...)
- linux-2.6 2.6.16-14
+ - linux-2.6.16 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.16-14
+ - linux-2.6.16 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
{DSA-1103 DSA-1097-1}
- linux-2.6 2.6.16-14
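Review bot: CVE-2006-1859 is moved from <unfixed> to 2.6.16-14 here, but the log message lists only CVE-2006-0557, CVE-2006-0457, CVE-2006-0095, CVE-2005-3805 and CVE-2005-3784 as cleaned up, so this status change cannot be found from the log; add it to the list. Also, CVE-2006-1858 directly below carries the same linux-2.6 2.6.16-14 fix version as CVE-2006-1860 and CVE-2006-1859 but gets no linux-2.6.16 line in this hunk; if that is deliberate, a NOTE saying why would help, otherwise add the matching entry.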
@@ -5236,6 +5240,7 @@
- linux-2.6 2.6.16-15
CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
- linux-2.6 <unfixed>
+ - linux-2.6.16 <unfixed>
NOTE: Possibly not-affected, needs further checking
CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
NOT-FOR-US: Veritas Backup
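Review bot: the added "- linux-2.6.16 <unfixed>" under CVE-2006-1342 duplicates a status that the NOTE on the next line already calls "Possibly not-affected, needs further checking", and the summary names Linux kernel 2.4. Opening a second unfixed entry on an unverified status doubles the work when the check is finally done; suggest settling the check first, or adding a "TODO: check" line so both package entries are revisited together.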
@@ -7029,9 +7034,10 @@
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
{DSA-1103}
- linux-2.6 <unfixed> (bug #365375; low)
+ - linux-2.6.16 <unfixed> (bug #365375; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
{DSA-1103}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.15-8
CVE-2006-0556
RESERVED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...)
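Review bot: CVE-2006-0557 is set to fixed in linux-2.6 2.6.15-8, while its summary says sys_mbind is affected in "Linux kernel 2.6.16 and earlier", and unlike CVE-2006-0558 above it gets no linux-2.6.16 line. If the fix was backported into the 2.6.15-8 upload, a NOTE saying so would let a reader reconcile the version with the summary; the linux-2.6.16 status should also be stated explicitly, since the summary puts 2.6.16 in the affected range.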
@@ -7341,7 +7347,7 @@
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
- irssi-text <not-affected> (Only 0.8.10rc versions are affected)
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.15-6
CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...)
{DSA-1103}
- linux-2.6 2.6.16-1
@@ -8269,7 +8275,7 @@
- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
{DSA-1017-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.16-1
- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
NOT-FOR-US: oaBoard
@@ -9046,8 +9052,10 @@
NOT-FOR-US: toendaCMS
CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...)
- linux-2.6 <unfixed>
+ - linux-2.6.16 <unfixed>
CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
- linux-2.6 <unfixed>
+ - linux-2.6.16 <unfixed>
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
@@ -10325,7 +10333,7 @@
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
NOT-FOR-US: Cisco hardware
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
@@ -10371,7 +10379,7 @@
NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
{DSA-1017-1}
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 2.6.15-1 (medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
{DSA-1018-1 DSA-1017-1}
@@ -10842,6 +10850,7 @@
NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
- linux-2.6 <unfixed> (low)
+ - linux-2.6.16 <unfixed> (low)
NOTE: Really hard to fix design limitation, no fix to be expected soon
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
NOT-FOR-US: EMC Legato NetWorker
@@ -13754,6 +13763,7 @@
[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
- kernel-source-2.6.8 <unfixed> (bug #332231; low)
- linux-2.6 <unfixed> (bug #332381; low)
+ - linux-2.6.16 <unfixed> (bug #332381; low)
NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
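Review bot: the added linux-2.6.16 line reuses bug #332381 from the linux-2.6 line directly above it, whereas kernel-source-2.6.8 has its own bug #332231. Confirm that #332381 also covers the linux-2.6.16 source package; if it is filed against linux-2.6 only, closing it will not say anything about linux-2.6.16, and the reference should be dropped or replaced with a bug for that package.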