[Secure-testing-commits] r9150 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Jun 25 21:07:19 UTC 2008 

Author: jmm-guest
Date: 2008-06-25 21:07:18 +0000 (Wed, 25 Jun 2008)
New Revision: 9150

Modified:
   data/CVE/list
Log:
- track etch'n'half kernel as linux-2.6.24
- mark all issues fixed after initial 2.6.24 release as
  unfixed, they can be fixed one by one after verification
  for the 2.6.24 status.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-06-25 20:59:08 UTC (rev 9149)
+++ data/CVE/list	2008-06-25 21:07:18 UTC (rev 9150)
@@ -1022,6 +1022,7 @@
 CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...)
 	{DSA-1592-1}
 	- linux-2.6 2.6.25-4
+        TODO: 2.6.24 status
 	NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian
 CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
 	{DSA-1587-1}
@@ -1467,6 +1468,7 @@
 CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and ...)
 	- linux-2.6 2.6.25-3 (bug #481195)
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
+        [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3
 	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
 CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier ...)
 	NOT-FOR-US: Novell Client 4.91 SP4
@@ -1485,10 +1487,12 @@
 CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...)
 	{DSA-1588-1}
 	- linux-2.6 <unfixed>
+        [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3
 	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d
 CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...)
 	{DSA-1588-1}
 	- linux-2.6 <unfixed>
+        [etch] - linux-2.6.24 2.6.24-6~etchnhalf.3
 	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
 CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...)
 	NOT-FOR-US: VisualShapers ezContents
@@ -2473,6 +2477,7 @@
 CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...)
 	{DSA-1588-1}
 	- linux-2.6 <unfixed> (medium)
+        - linux-2.6.24 <unfixed>
 CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
 	{DSA-1551-1}
 	- python2.4 2.4.5-2
@@ -2570,12 +2575,14 @@
 CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
 	- linux-2.6 2.6.25-2 (low)
 	[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
+	- linux-2.6.24 <unfixed>
 	NOTE: the cve id description states that 2.6.25 is fixed, this is wrong, it's fixed in 2.6.25.1
 CVE-2008-1674
 	RESERVED
 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...)
 	{DSA-1592-1}
 	- linux-2.6 2.6.25-5 (bug #485944)
+	- linux-2.6.24 <unfixed>
 CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
 	{DTSA-136-1}
 	- openssl 0.9.8g-10.1 (bug #483379)
@@ -2589,6 +2596,7 @@
 CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection ...)
 	{DSA-1575-1}
 	- linux-2.6 2.6.25-2 (low)
+	- linux-2.6.24 <unfixed>
 	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9
 CVE-2008-1668
 	RESERVED
@@ -2704,6 +2712,7 @@
 CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on ...)
 	{DSA-1588-1}
 	- linux-2.6 2.6.25-1 (medium; bug #480390)
+	- linux-2.6.24 <unfixed>
 CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
 	{DSA-1550-1 DTSA-124-1}
 	- suphp 0.6.2-2.1 (low; bug #475431)
@@ -3270,6 +3279,7 @@
 CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in ...)
 	{DSA-1565-1}
 	- linux-2.6 2.6.25-2 (low)
+	- linux-2.6.24 <unfixed>
 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
 	- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
 	- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
@@ -5075,6 +5085,7 @@
 CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
 	{DSA-1494-1 DTSA-113-1}
 	- linux-2.6 2.6.24-4 (high)
+	- linux-2.6.24 <unfixed>
 CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...)
 	{DTSA-135-1}
 	- php5 5.2.6-1
@@ -5567,6 +5578,7 @@
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
 	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 <unfixed>
+	- linux-2.6.24 <unfixed>
 CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
 	- exempi 1.99.7-1 (bug #454297)
 CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...)
@@ -7446,6 +7458,7 @@
 	- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
 CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...)
 	- linux-2.6 2.6.25-1
+	- linux-2.6.24 <unfixed>
 CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
 	NOT-FOR-US: St. Bernard Open File Manager
 CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before ...)
@@ -7620,15 +7633,18 @@
 	NOT-FOR-US: KML share
 CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux ...)
 	- linux-2.6 2.6.24-4
+	- linux-2.6.24 <unfixed>
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
 CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel ...)
 	- linux-2.6 2.6.24-4
+	- linux-2.6.24 <unfixed>
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
 CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...)
 	{DSA-1476-1}
 	- pulseaudio 0.9.9-1
 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
 	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
+	- linux-2.6.24 <unfixed>
 	- linux-2.6 2.6.24-4
 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
 	{DSA-1466-2 DTSA-110-1}
@@ -7650,11 +7666,13 @@
 CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...)
 	{DSA-1479-1}
 	- linux-2.6 2.6.24-1
+	- linux-2.6.24 <unfixed>
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
 	- xen-3 3.1.2-1
 CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
 	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
 	- linux-2.6 2.6.24-1
+	- linux-2.6.24 <unfixed>
 CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...)
 	{DSA-1528-1}
 	- serendipity 1.2.1-1 (low)
@@ -8460,6 +8478,7 @@
 CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and ...)
 	{DSA-1428-1}
 	- linux-2.6 <unfixed>
+	- linux-2.6.24 <unfixed>
 CVE-2007-5903
 	RESERVED
 CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)

More information about the Secure-testing-commits mailing list