[Secure-testing-commits] r10085 - data/CVE

dannf at alioth.debian.org dannf at alioth.debian.org
Tue Oct 14 16:07:46 UTC 2008 

Author: dannf
Date: 2008-10-14 16:07:45 +0000 (Tue, 14 Oct 2008)
New Revision: 10085

Modified:
   data/CVE/list
Log:
various linux kernel updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-14 15:57:10 UTC (rev 10084)
+++ data/CVE/list	2008-10-14 16:07:45 UTC (rev 10085)
@@ -181,6 +181,8 @@
 	NOT-FOR-US: Nucleus EUC-JP 
 CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
 	- linux-2.6 2.6.26-5
+	- linux-2.6.24 <unfixed>
+	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
 CVE-2008-4444
 	RESERVED
 CVE-2008-4443
@@ -251,6 +253,8 @@
 	RESERVED
 CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...)
 	- linux-2.6 2.6.26-8
+	- linux-2.6.24 <not-affected> (Vulnerable code not present)
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle &quot;predefined entities ...)
 	- libxml2 <not-affected> (Vulnerable code not present, introduced in 2.7.0)
 	TODO: check again if >= 2.7 gets uploaded
@@ -559,6 +563,7 @@
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
 	{DSA-1653-1}
 	- linux-2.6 2.6.22-4 (low)
+	- linux-2.6.24 <not-affected> (Vulnerable code not present)
 CVE-2008-4301 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
@@ -742,6 +747,7 @@
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
 	{DSA-1653-1}
 	- linux-2.6 2.6.22-1
+	- linux-2.6.24 <not-affected> (Vulnerable code not prsent)
 	NOTE: easily exploitable but of limited use as the attacker already needs access to a
 	NOTE: directory that is setgid to the group he wants to get privileges for
 CVE-2008-4209
@@ -1456,6 +1462,7 @@
 CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
 	{DSA-1653-1}
 	- linux-2.6 2.6.23-1
+	- linux-2.6.24 <not-affected> (Vulnerable code not present)
 CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
 	- ssmtp 2.62-1.1 (low; bug #498366)
 	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
@@ -1683,6 +1690,7 @@
 	- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
 CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...)
 	- linux-2.6 <not-affected> (Fedora-specific patch)
+	- linux-2.6.24 <not-affected> (Fedora-specific patch)
 CVE-2008-3831
 	RESERVED
 CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)

More information about the Secure-testing-commits mailing list