[Secure-testing-commits] r9954 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Oct 2 13:59:24 UTC 2008


Author: nion
Date: 2008-10-02 13:59:22 +0000 (Thu, 02 Oct 2008)
New Revision: 9954

Modified:
   data/CVE/list
Log:
CVE-2008-4302 fixed in linux-2.6 2.6.22-4
CVE-2008-4210 fixed in linux-2.6 2.6.22-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-02 13:46:23 UTC (rev 9953)
+++ data/CVE/list	2008-10-02 13:59:22 UTC (rev 9954)
@@ -149,7 +149,7 @@
 CVE-2008-4303
 	RESERVED
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
-	TODO: check
+	- linux-2.6 2.6.22-4 (low)
 CVE-2008-4301 (A certain ActiveX control in iisext.dll in Microsoft Internet ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
@@ -330,7 +330,9 @@
 CVE-2008-4211
 	RESERVED
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
-	TODO: check
+	- linux-2.6 2.6.22-1
+	NOTE: easily exploitable but of limited use as the attacker already needs access to a
+	NOTE: directory that is setgid to the group he wants to get privileges for
 CVE-2008-4209
 	RESERVED
 CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...)




More information about the Secure-testing-commits mailing list