[Secure-testing-commits] r5770 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed May 2 20:17:55 UTC 2007 

Author: jmm-guest
Date: 2007-05-02 20:17:52 +0000 (Wed, 02 May 2007)
New Revision: 5770

Modified:
   data/CVE/list
Log:
one kernel issue fixed in 2.6.18
two kernel issues not affecting Etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-02 20:12:46 UTC (rev 5769)
+++ data/CVE/list	2007-05-02 20:17:52 UTC (rev 5770)
@@ -1498,6 +1498,7 @@
 	NOT-FOR-US: Corel WordPerfect
 CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
 	- linux-2.6 <unfixed> (medium; bug #420875)
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
 	NOT-FOR-US: NaviCOPA HTTP Server
 CVE-2007-1732 (** DISPUTED ** ...)
@@ -1506,6 +1507,7 @@
 	NOT-FOR-US: hpaftpd
 CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
 	- linux-2.6 <unfixed> (medium)
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
 	NOT-FOR-US: Flexbb
 CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
@@ -8910,18 +8912,7 @@
 	{DSA-1237 DSA-1233}
 	- linux-2.6 2.6.18-4
 CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
-	- linux-2.6 <unfixed> (low)
-	NOTE: A few futex-related system calls need arch-specific support
-	NOTE: routines, or they can lead to unkillable userspace processes.
-	NOTE: The following git commits add futex_atomic_cmpxchg_inatomic
-	NOTE: implementations.  The initial implementation contained code
-	NOTE: for amd64 and i386.  Other implementations were added here:
-	NOTE: c7fed9d75074f7c243ec8ff2c55d04de2839a6f6 (sparc64, before 2.6.19)
-	NOTE: 69588298188b40ed7f75c98a6fd328d82f23ca21 (powerpc, before 2.6.18)
-	NOTE: a192dc16000241dc02990a36b6830839b73c44de (ia64, before 2.6.19)
-	NOTE: 342a0497c23c278633f8674ab62f71e5049b7080 (parisc, before 2.6.19)
-	NOTE: Expoitability depends on whether the syscall is actually wired,
-	NOTE: which seems to be the case for everything but ia64 and maybe arm.
+	- linux-2.6 2.6.18-1 (low)
 CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
 	NOT-FOR-US: Sophos
 CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)

More information about the Secure-testing-commits mailing list