[Secure-testing-commits] r12488 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Aug 5 19:18:04 UTC 2009
Author: jmm-guest
Date: 2009-08-05 19:17:53 +0000 (Wed, 05 Aug 2009)
New Revision: 12488
Modified:
data/CVE/list
Log:
- new minor DoS issue, maintainer has been notified about spu
- adapt flash entry to the tracking we applied so far
- mark 2.6.24 as also not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-05 13:18:57 UTC (rev 12487)
+++ data/CVE/list 2009-08-05 19:17:53 UTC (rev 12488)
@@ -64,7 +64,7 @@
CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
- NOT-FOR-US: FreeBSD
+ TODO: Check, this might affect KFreeBSD
CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...)
NOT-FOR-US: FlashDen Guestbook
CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...)
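Review bot: the switch of CVE-2009-2649 from NOT-FOR-US: FreeBSD to a TODO is not covered by any of the three log lines, so it should get its own line in the commit message. The TODO text also names no source package; stating which package has to be checked for the ata driver would let whoever picks this up resolve the entry directly.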
@@ -93,6 +93,10 @@
NOTE: CVE id request on oss-sec
CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
NOT-FOR-US: BlackBerry Products
+CVE-2009-XXXX [ser2net DoS]
+ - set2net <unfixed> (low; bug #535159)
+ [etch] - ser2net <no-dsa> (Minor issue)
+ [lenny] - ser2net <no-dsa> (Minor issue)
CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to ...)
NOT-FOR-US: Desi Short URL
CVE-2009-2641 (PHP remote file inclusion vulnerability in ...)
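Review bot: the unstable line of the new ser2net entry spells the package "set2net", while the entry heading and the [etch] and [lenny] lines use "ser2net". As written, the <unfixed> status and bug #535159 are attached to a name that does not match the release-specific lines, so the line should read "- ser2net <unfixed> (low; bug #535159)".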
@@ -702,11 +706,13 @@
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-5 (medium)
[etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18)
+ [etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
- linux-2.6.24 <removed>
CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in ...)
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-5 (medium)
[etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18)
+ [etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
- linux-2.6.24 <removed>
CVE-2009-2405
RESERVED
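Review bot: in both entries tagged {DSA-1845-1 DSA-1844-1} the added line is a second "[etch] - linux-2.6 <not-affected>" placed directly below an existing line with the same release, package and status, differing only in the parenthesised reason. If the intent was to reword the reason, replace the old line rather than adding beside it; if a different release or package was meant, correct the added line. The log message does not mention this change either.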
@@ -2098,7 +2104,7 @@
CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...)
TODO: check
CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...)
- - flashplugin-nonfree <unfixed> (bug #538240)
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...)
NOT-FOR-US: Adobe Reader
CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
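Review bot: replacing the flashplugin-nonfree line under CVE-2009-1862 with NOT-FOR-US removes the only reference to bug #538240 from the entry. If that bug is still where the issue is discussed, keep it in a NOTE line so the link is not lost. The NOT-FOR-US text names Adobe Flash Player while the visible part of the description begins with Adobe Reader and Acrobat 9.x, so the product name is worth confirming against the full description.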
@@ -3427,7 +3433,7 @@
NOTE: potential for kernel memory corruption by remote attacker
CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...)
- linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
- - linux-2.6.24 <removed>
+ - linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches)
NOTE: i can't find the ptrace_start() code in any of the debian kernels,
NOTE: so my best guess is that this is a problem in a redhat-specific patch
NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1388
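Review bot: the new <not-affected> status for linux-2.6.24 under CVE-2009-1388 rests on the NOTE lines below it, which describe the Red Hat-specific origin as a "best guess" and refer only to "the debian kernels" in general. A short NOTE saying that the 2.6.24 source was checked for ptrace_start() would make the status verifiable for that package.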