[Secure-testing-commits] r9931 - data/CVE
dannf at alioth.debian.org
Thu Oct 2 05:34:22 UTC 2008
Author: dannf
Date: 2008-10-02 05:34:20 +0000 (Thu, 02 Oct 2008)
New Revision: 9931
Modified:
data/CVE/list
Log:
linux kernel updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-01 21:35:38 UTC (rev 9930)
+++ data/CVE/list 2008-10-02 05:34:20 UTC (rev 9931)
@@ -978,6 +978,7 @@
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
{DSA-1636-1}
- linux-2.6 2.6.26-5
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...)
- linux-2.6 2.6.26-5
@@ -1294,6 +1295,7 @@
RESERVED
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) ...)
{DSA-1636-1}
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
- linux-2.6 2.6.26-4
[etch] - linux-2.6 <not-affected>
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
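Review bot: the new `- linux-2.6.24 2.6.24-6~etchnhalf.5` line for CVE-2008-3792 is placed above the `- linux-2.6` line, while the same addition for CVE-2008-3915, CVE-2008-3526 and CVE-2008-3276 in this commit goes below it. Pick one order for the package lines and use it throughout, so that later diffs to these entries stay easy to compare.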
@@ -1978,12 +1980,12 @@
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
{DSA-1636-1}
- linux-2.6 2.6.26-2
- - linux-2.6.24 <unfixed>
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...)
{DSA-1636-1}
- - linux-2.6.24 <unfixed>
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
- linux-2.6 2.6.26-2
NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
NOTE: Fixed in 2.6.25.14 and 2.6.26.1
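Review bot: the NOTE lines under CVE-2008-3535 and CVE-2008-3534 still only say `Fixed in 2.6.25.14 and 2.6.26.1`, which does not account for the 2.6.24 series now marked fixed in `2.6.24-6~etchnhalf.5`. Add a NOTE to each entry stating that the referenced commit was backported into the linux-2.6.24 package, so the new fixed version can be verified from the entry itself.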
@@ -2005,6 +2007,7 @@
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
{DSA-1636-1}
- linux-2.6 2.6.26-4
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
[etch] - linux-2.6 <not-affected>
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
- linux-2.6 2.6.26-7
@@ -2547,11 +2550,12 @@
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
{DSA-1636-1}
- linux-2.6 2.6.26-4
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
[etch] - linux-2.6 <unfixed>
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...)
{DSA-1636-1 DSA-1630-1}
- - linux-2.6.24 <unfixed>
- - linux-2.6 <unfixed>
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
+ - linux-2.6 2.6.26-2
NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
NOT-FOR-US: FreeIPA
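Review bot: CVE-2008-3276 keeps `[etch] - linux-2.6 <unfixed>` even though the entry is tagged {DSA-1636-1} and now lists fixed versions for both linux-2.6 and linux-2.6.24. Confirm that the etch status is intentional; if the etch kernel does not contain the vulnerable code, mark it `<not-affected>` with a reason in parentheses, as the CVE-2008-3915 entry does.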
@@ -2559,8 +2563,8 @@
NOT-FOR-US: JBoss
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
{DSA-1636-1 DSA-1630-1}
- - linux-2.6.24 <unfixed>
- - linux-2.6 <unfixed>
+ - linux-2.6.24 2.6.24-6~etchnhalf.5
+ - linux-2.6 2.6.26-2
NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271
RESERVED
@@ -3293,7 +3297,7 @@
CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...)
NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <not-affected>
[etch] - linux-2.6 <not-affected>
- linux-2.6.24 <not-affected>
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
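Review bot: the change of CVE-2008-2944 from `<unfixed>` to `<not-affected>` for linux-2.6 carries no justification. Other entries in this file give the reason in parentheses (for example `(Vulnerable code was introduced in 2.6.19)`); add one here stating why the utrace double free does not apply to the Debian package, so the status can be audited later.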
@@ -4640,7 +4644,7 @@
CVE-2008-2373
RESERVED
CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...)
- - linux-2.6 2.6.26
+ - linux-2.6 2.6.26-1
[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
- linux-2.6.24 2.6.24-6~etchnhalf.4
NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
@@ -6154,7 +6158,7 @@
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...)
{DSA-1588-1}
- linux-2.6 2.6.26-1
- - linux-2.6.24 <unfixed>
+ - linux-2.6.24 <not-affected>
NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
NOTE: but fixed in git, so marking as fixed in 2.6.26-1
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
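Review bot: marking linux-2.6.24 as `<not-affected>` for CVE-2007-6712 is not explained, and the existing NOTE says the upstream fix is `not present in 2.6.25.x`, which by itself gives no basis for treating an older series as unaffected. Add a parenthetical reason or a NOTE saying why 2.6.24 is not affected (for instance, which change introduced the vulnerable code), or keep `<unfixed>` until that is established.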