[Secure-testing-commits] r12635 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Aug 19 00:28:51 UTC 2009
Author: gilbert-guest
Date: 2009-08-19 00:28:50 +0000 (Wed, 19 Aug 2009)
New Revision: 12635
Modified:
data/CVE/list
Log:
cves were assigned for the latest round of kernel issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-18 22:06:44 UTC (rev 12634)
+++ data/CVE/list 2009-08-19 00:28:50 UTC (rev 12635)
@@ -1,3 +1,20 @@
+CVE-2009-2849 [linux-2.6: md raid null pointer dereference (when sysfs available)]
+ - linux-2.6 2.6.30-4 (medium)
+ - linux-2.6.24 <removed>
+CVE-2009-2848 [linux-2.6: execve must clear current->child_tid]
+ - linux-2.6 <unfixed> (low)
+ - linux-2.6.24 <removed>
+CVE-2009-2847 [linux-2.6: information disclosure to user space on 64-bit hosts]
+ - linux-2.6 2.6.30-6 (low)
+ - linux-2.6.24 <removed>
+CVE-2009-2846 [linux-2.6: parisc eisa underflow]
+ - linux-2.6 2.6.30-6 (low)
+ - linux-2.6.24 <removed>
+CVE-2009-2844 [linux-2.6: cfg80211 missing NULL ptr checks]
+ - linux-2.6 <unfixed> (medium)
+ [etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
+ [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
+ - linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2009-2843
RESERVED
CVE-2009-2842
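Review bot: the CVE-2009-2849 (md raid) and CVE-2009-2847 (information disclosure) entries change the tracked status as well as the identifier. The CVE-2009-XXXX placeholders removed later in this patch list both as <unfixed>, while here they are recorded as fixed in 2.6.30-4 and 2.6.30-6. The log message mentions only the CVE assignment, so the status update should be mentioned there, or a NOTE line should give the source for the fixed versions.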
@@ -205,9 +222,15 @@
CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...)
NOT-FOR-US: Ultrize TimeSheet
CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)
- TODO: check
+ - linux-2.6 2.6.30-6 (medium)
+ [etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
+ [lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
+ - linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29)
CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)
- TODO: check
+ - linux-2.6 2.6.30-6 (medium)
+ [etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
+ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
+ - linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...)
NOT-FOR-US: DD-WRT
CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...)
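Review bot: on CVE-2009-2768 the not-affected reason "kernel/cred.c introduced in 2.6.29" names a different file from the one in the description (fs/binfmt_flat.c), so a reader cannot tell from the entry why older kernels are unaffected. A NOTE line stating how the binfmt_flat issue depends on the cred code would make the [etch], [lenny] and linux-2.6.24 lines verifiable. Both this entry and CVE-2009-2767 also replace "TODO: check" without a NOTE pointing to the fix behind 2.6.30-6.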
@@ -451,10 +474,6 @@
TODO: request cve it
CVE-2009-XXXX [gri: insecure temp file generation]
- gri 2.12.18-1 (low)
-CVE-2009-XXXX [linux-2.6: parisc eisa underflow]
- - linux-2.6 2.6.30-6 (low)
- - linux-2.6.24 <removed>
- NOTE: cve id already requested on oss-sec
CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
- virtualbox-ose 3.0.4-dfsg-1 (medium)
CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...)
@@ -528,16 +547,6 @@
CVE-2009-XXXX [php5: 'open_basedir' bypass]
- php5 <unfixed> (unimportant; bug #540606)
NOTE: only affects 5.3.0 in experimental, open_basedir unsupported
-CVE-2009-XXXX [linux-2.6: do_nanosleep() null pointer dereference]
- - linux-2.6 <unfixed> (medium)
- [etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
- [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
- [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.28)
- - linux-2.6.24 <not-affected> (introduced in 2.6.28)
-CVE-2009-XXXX [linux-2.6: md raid null pointer dereference (when sysfs available)]
- - linux-2.6 <unfixed> (medium)
- - linux-2.6.24 <removed>
- NOTE: CVE id requested on oss-sec
CVE-2009-2710
RESERVED
CVE-2009-2709
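Review bot: the removed do_nanosleep() placeholder carried a [squeeze] <not-affected> line, but the CVE-2009-2767 entry, which has the same "introduced in 2.6.28" annotations, lists only [etch], [lenny] and linux-2.6.24. If that entry supersedes this placeholder, confirm that dropping [squeeze] is intended. The status for unstable also moves from <unfixed> here to 2.6.30-6 there, which deserves a word in the log.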
@@ -734,12 +743,6 @@
NOT-FOR-US: MDaemon WorldClient
CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...)
NOT-FOR-US: Peel
-CVE-2009-XXXX [linux-2.6: information disclosure to user space on 64-bit hosts]
- - linux-2.6 <unfixed> (low)
- - linux-2.6.24 <removed>
-CVE-2009-XXXX [linux-2.6: execve must clear current->child_tid]
- - linux-2.6 <unfixed> (low)
- - linux-2.6.24 <removed>
CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
- vlc 1.0.1-1
- mplayer <unfixed>