[Secure-testing-commits] r7643 - data/CVE
nion at alioth.debian.org
Mon Dec 17 21:11:43 UTC 2007
Author: nion
Date: 2007-12-17 21:11:43 +0000 (Mon, 17 Dec 2007)
New Revision: 7643
Modified:
data/CVE/list
Log:
incorporating fixed linux-2.6 versions reported by Maximilian Attems
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-17 20:44:24 UTC (rev 7642)
+++ data/CVE/list 2007-12-17 21:11:43 UTC (rev 7643)
@@ -641,7 +641,7 @@
CVE-2007-6064
RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.23-2
NOTE: kernel-sec is aware of this
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
- ngircd 0.10.3-1 (bug #451875)
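Review bot: The `NOTE: kernel-sec is aware of this` line under CVE-2007-6063 is left untouched while the entry moves from `<unfixed>` to `2.6.23-2`, so it now reads as a pending-tracking note on an entry that is marked fixed. Either drop it in this change or replace it with a note recording where the fixed version came from, such as the report by Maximilian Attems named in the log.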
@@ -2664,7 +2664,7 @@
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 ...)
{DSA-1428-1}
- - linux-2.6 2.6.23-1
+ - linux-2.6 2.6.23-2
NOTE: kernel-sec is already tracking this
CVE-2007-5499
REJECTED
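Review bot: For CVE-2007-5500 this is a correction of an already recorded fixed version, from `2.6.23-1` to `2.6.23-2`, and neither the entry nor the log message says why the earlier value was wrong. A short NOTE explaining the correction would help, because anyone who treated 2.6.23-1 as fixed on the basis of the old entry needs to know to re-check.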
@@ -4130,7 +4130,7 @@
RESERVED
CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...)
{DSA-1428-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.23-1
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...)
- pidgin 2.2.1-1 (medium)
NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
@@ -7068,7 +7068,7 @@
- linux-2.6 <unfixed>
CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
{DSA-1378-2 DSA-1378-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.20-1
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceape 1.1.3-1 (medium)
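Review bot: The first context line of this hunk shows the entry just before CVE-2007-3739 still at `- linux-2.6 <unfixed>`. Since this commit applies one report across the linux-2.6 entries, confirm that the preceding entry was checked against the same report and is intentionally left open.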
@@ -10108,7 +10108,7 @@
NOTE: could just as well hang-up
NOTE: http://ftp.digium.com/pub/asa/ASA-2007-013.html
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...)
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 2.6.22-1 (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
@@ -11862,7 +11862,7 @@
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 2.6.21-1 (medium)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
NOT-FOR-US: Flexbb
@@ -12454,7 +12454,7 @@
- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
{DSA-1289-1}
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 2.6.21-1 (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
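Review bot: The CVE-2007-1496 description puts the affected range at kernels before 2.6.20.3, yet the fixed version recorded here is `2.6.21-1`, while the entry in the context line just above is recorded at `2.6.20-1`. If no 2.6.20-based upload carried the fix, the value is fine, but a NOTE saying so would save the next reader from re-deriving it.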
@@ -12822,7 +12822,7 @@
NOT-FOR-US: JBoss Application Server
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
{DSA-1356-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.22-1 (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
{DSA-1294-1}
- libxfont 1:1.2.2-2 (medium)
@@ -17889,7 +17889,7 @@
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.20-1
[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...)
- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111)
@@ -19153,7 +19153,7 @@
- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
{DSA-1356-1 DSA-1304}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.20-1
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
- apache2 2.2.4-2 (low)
[sarge] - apache2 2.0.54-5sarge2
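Review bot: In the context line `{DSA-1356-1 DSA-1304}` under CVE-2006-5753, `DSA-1304` lacks the revision suffix that every other DSA reference visible in this patch carries (`DSA-1356-1`, `DSA-1428-1`, `DSA-1378-2`). This change does not introduce it, but the entry is being touched anyway, so the reference could be brought in line with the others here.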