[Secure-testing-commits] r10085 - data/CVE
dannf at alioth.debian.org
dannf at alioth.debian.org
Tue Oct 14 16:07:46 UTC 2008
Author: dannf
Date: 2008-10-14 16:07:45 +0000 (Tue, 14 Oct 2008)
New Revision: 10085
Modified:
data/CVE/list
Log:
various linux kernel updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-14 15:57:10 UTC (rev 10084)
+++ data/CVE/list 2008-10-14 16:07:45 UTC (rev 10085)
@@ -181,6 +181,8 @@
NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
- linux-2.6 2.6.26-5
+ - linux-2.6.24 <unfixed>
+ [etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-4444
RESERVED
CVE-2008-4443
@@ -251,6 +253,8 @@
RESERVED
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...)
- linux-2.6 2.6.26-8
+ - linux-2.6.24 <not-affected> (Vulnerable code not present)
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...)
- libxml2 <not-affected> (Vulnerable code not present, introduced in 2.7.0)
TODO: check again if >= 2.7 gets uploaded
@@ -559,6 +563,7 @@
CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
{DSA-1653-1}
- linux-2.6 2.6.22-4 (low)
+ - linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-4301 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft
CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
@@ -742,6 +747,7 @@
CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
{DSA-1653-1}
- linux-2.6 2.6.22-1
+ - linux-2.6.24 <not-affected> (Vulnerable code not prsent)
NOTE: easily exploitable but of limited use as the attacker already needs access to a
NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209
@@ -1456,6 +1462,7 @@
CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
{DSA-1653-1}
- linux-2.6 2.6.23-1
+ - linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
- ssmtp 2.62-1.1 (low; bug #498366)
[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
@@ -1683,6 +1690,7 @@
- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...)
- linux-2.6 <not-affected> (Fedora-specific patch)
+ - linux-2.6.24 <not-affected> (Fedora-specific patch)
CVE-2008-3831
RESERVED
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)
More information about the Secure-testing-commits
mailing list