[Secure-testing-commits] r9638 - in data: . CVE

Sun Aug 24 21:10:15 UTC 2008

Author: jmm-guest
Date: 2008-08-24 21:10:13 +0000 (Sun, 24 Aug 2008)
New Revision: 9638

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
new kernel issue
add entries for 2.6.24
no-dsas


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2008-08-24 14:57:04 UTC (rev 9637)
+++ data/CVE/list	2008-08-24 21:10:13 UTC (rev 9638)
@@ -111,7 +111,9 @@
 CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
 	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
 CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and ...)
-	TODO: check
+	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
+	- linux-2.6 <unfixed>
+	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
 CVE-2008-3685
 	RESERVED
 CVE-2008-3684
@@ -229,6 +231,7 @@
 	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
 CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...)
 	- ipsec-tools 1:0.7.1-1 (low)
+        [etch] - ipsec-tools <no-dsa> (Minor issue)
 CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
 	- horde3 3.2.1+debian0-1 (low; bug #495332)
 	- turba2 2.2.1-1
@@ -466,8 +469,14 @@
 	RESERVED
 CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
 	- linux-2.6 2.6.26-2
+	- linux-2.6.24 <unfixed>
+        NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
+        NOTE: Fixed in 2.6.25.14 and 2.6.26.1
 CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...)
+	- linux-2.6.24 <unfixed>
 	- linux-2.6 2.6.26-2
+        NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
+        NOTE: Fixed in 2.6.25.14 and 2.6.26.1
 CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
 	{DTSA-154-1}
 	- yelp 2.22.1-4 (low)
@@ -2413,6 +2422,7 @@
 	NOTE: I set this to medium
 CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
 	- exiv2 0.17-1 (low; bug #486328)
+	[etch] - exiv2 <no-dsa> (Minor issue)
 	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
 CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...)
 	{DSA-1616-2 DTSA-138-1}

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-08-24 14:57:04 UTC (rev 9637)
+++ data/spu-candidates.txt	2008-08-24 21:10:13 UTC (rev 9638)
@@ -79,6 +79,11 @@
 
 --
 
+ipsec-tools (CVE-2008-3651)
++http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-dev+el
+
+--
+
 libapache2-mod-perl2 (CVE-2007-1349)
 http://svn.apache.org/viewvc?view=rev&revision=521584
 #433549


