[Secure-testing-commits] r6522 - data/CVE
fw at alioth.debian.org
Thu Sep 6 17:25:08 UTC 2007
Author: fw
Date: 2007-09-06 17:25:07 +0000 (Thu, 06 Sep 2007)
New Revision: 6522
Modified:
data/CVE/list
Log:
some fixed linux-2.6 bugs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-06 12:45:21 UTC (rev 6521)
+++ data/CVE/list 2007-09-06 17:25:07 UTC (rev 6522)
@@ -2548,7 +2548,9 @@
NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...)
{DSA-1356-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.22-1
+ NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
+ NOTE: in Linus' tree.
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...)
NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 ...)
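Review bot: In the CVE-2007-3513 entry, the added NOTE names the upstream commit but not the upstream release that first contains it, so a reader cannot tell from the entry why 2.6.22-1 is the fixed Debian version. Consider stating the release in the same note, for example "NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3 in Linus' tree (upstream release <version>)".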
@@ -3542,8 +3544,10 @@
[etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)
[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run on ...)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 2.6.22-1 (unimportant)
NOTE: Not reproducibly reliably by an attacker, mostly a bug
+ NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
+ NOTE: in Linus' tree.
CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
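Review bot: In the CVE-2007-3107 entry, the added note is worded "This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914" while the other entries touched in this revision use "Fixed in commit ..."; using one wording keeps the commit references uniformly searchable. The unchanged line just above it reads "Not reproducibly reliably by an attacker", which could be corrected to "Not reliably reproducible by an attacker" while the entry is being edited.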
@@ -4879,7 +4883,9 @@
NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
{DSA-1356-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.22-1
+ NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
+ NOTE: Linus' tree.
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
{DSA-1298-1}
- otrs2 2.1.1-1 (bug #423524)
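Review bot: In the CVE-2007-2525 entry, the two-line NOTE breaks after a trailing "in" ("... 5474ad0bd in" / "Linus' tree."), whereas the CVE-2007-3513 and CVE-2007-3107 entries in this same revision break before "in Linus' tree." Pick one line break for all three so the entries read the same and a search for the phrase "in Linus' tree" matches every one of them.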
@@ -5561,7 +5567,7 @@
[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
{DSA-1356-1}
- - linux-2.6 <unfixed> (low; bug #421595)
+ - linux-2.6 2.6.21-1 (low; bug #421595)
- kfreebsd-5 <unfixed> (low)
[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
NOTE: This should be off by default, tweakable by a simple knob.
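Review bot: In the CVE-2007-2242 entry, linux-2.6 is marked fixed in 2.6.21-1 without any NOTE giving the fixing commit, unlike the other three entries changed in this revision, which are marked 2.6.22-1 and each cite a commit in Linus' tree. Add a NOTE with the upstream commit or the reasoning behind 2.6.21-1 so the different version can be verified; the kfreebsd-5 line correctly stays <unfixed>.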