[Secure-testing-commits] r3677 - data/CVE

Fri Mar 24 09:08:31 UTC 2006

Author: jmm-guest
Date: 2006-03-24 09:08:25 +0000 (Fri, 24 Mar 2006)
New Revision: 3677

Modified:
   data/CVE/list
Log:
update information for 2.4.27 from patch tracker


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-03-24 08:12:39 UTC (rev 3676)
+++ data/CVE/list	2006-03-24 09:08:25 UTC (rev 3677)
@@ -5040,7 +5040,7 @@
 	NOT-FOR-US: Ebuild IndeX
 CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
 	- linux-2.6 <unfixed> (medium)
-	- kernel-source-2.4.27 <unfixed> (medium)
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
 	- linux-2.6 2.6.14-3 (medium)
 CVE-2005-3782
@@ -7132,7 +7132,6 @@
 	- php4 4:4.4.0-3 (low)
 CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
-	- kernel-source-2.4.27 2.4.27-12 (medium)
 CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
 	- linux-2.6 2.6.13-2 (low)
 	- kernel-source-2.4.27 <not-affected>
@@ -7301,7 +7300,7 @@
 CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
 	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
-	- kernel-source-2.4.27 <unfixed> (low)
+	- kernel-source-2.4.27 <not-affected>
 CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
 	{DSA-922-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
@@ -7315,7 +7314,8 @@
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
 	{DSA-922-1}
-	- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
+	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
+	NOTE: Montecito CPUs are not available on the market yet
 	- linux-2.6 2.6.12-1
 CVE-2005-XXXX [Minor local DoS as libldap]
 	- openldap <unfixed> (bug #253838; low)
@@ -8396,7 +8396,7 @@
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	TODO: When was this fixed in sid for 2.4?
 CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
-	- kernel-source-2.4.27 <unfixed> (bug #332228; low)
+	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
 	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
 	- linux-2.6 <unfixed> (bug #332381; low)
 	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
@@ -18308,8 +18308,7 @@
 	- kdenetwork 4:3.1.6
 CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
-	TODO: Check, which version fixed this
-	- kernel-source-2.4.27 2.4.27-12 (bug #296700; high)
+	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
 CVE-2005-0203
 	REJECTED
 CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
@@ -19702,8 +19701,7 @@
 	- linux-2.6 <not-affected> (2.4 specific vulnerability)
 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
-	TODO: Check which version fixed this
-	- kernel-source-2.4.27 <unfixed>
+	- kernel-source-2.4.27 2.4.27-7
 CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
 	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
 	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)


