[Secure-testing-commits] r11562 - data/CVE

Sat Apr 4 09:57:17 UTC 2009

Author: jmm-guest
Date: 2009-04-04 09:57:16 +0000 (Sat, 04 Apr 2009)
New Revision: 11562

Modified:
   data/CVE/list
Log:
kernel fixes


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-04-03 23:01:04 UTC (rev 11561)
+++ data/CVE/list	2009-04-04 09:57:16 UTC (rev 11562)
@@ -1620,25 +1620,25 @@
 	NOT-FOR-US: Onguma Time Sheet component for Joomla!
 CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.29-1 (low)
 	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
 CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.28-2 (low)
 	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
 CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.28-1 (low)
 	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
 CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.29-1 (low)
 	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
@@ -1906,7 +1906,7 @@
 	NOT-FOR-US: RavenNuke
 CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Original fix was incomplete/risky, see:
 	NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
@@ -1914,7 +1914,7 @@
 	NOTE: lacks initialzer for len.  Leak confirmed with fixed reproducer.
 CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Didn't check 2.6.24 so far, only temporary for now
 CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...)
@@ -3364,7 +3364,7 @@
 	NOT-FOR-US: BibCiter
 CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <removed>
 CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
 	NOT-FOR-US: Apple Safari on Windows
@@ -3542,7 +3542,7 @@
 	NOT-FOR-US: Novell GroupWise
 CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.29-1
 	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
 	- linux-2.6.24 <removed>
 CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
@@ -4238,7 +4238,7 @@
 	TODO: will be presented at Black Hat
 CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
 	{DSA-1749-1}
-	- linux-2.6 2.6.26-14
+	- linux-2.6 2.6.29-1
 	- linux-2.6.24 <removed>
 CVE-2009-0064
 	RESERVED
@@ -4915,7 +4915,7 @@
 	NOT-FOR-US: issue affects pdfdistiller
 CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
 	{DSA-1749-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <removed>
 CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
 	- squirrelmail <not-affected> (RedHat-specific regression)


