[Secure-testing-commits] r11261 - data/CVE

Wed Feb 25 06:09:13 UTC 2009

Author: gilbert-guest
Date: 2009-02-25 06:09:12 +0000 (Wed, 25 Feb 2009)
New Revision: 11261

Modified:
   data/CVE/list
Log:
updating severities of latest kernel issues
- CVE-2007-6514: medium severity based on potential for accessing content
- CVE-2008-6107: low severity since issue is a local denial of service
- CVE-2009-0029: medium severity since it may be possible to gain priviledges
- CVE-2009-0031: low severity since issue is a local denial of service
- CVE-2009-0065: high severity since impact is unknown and nvd severity is rated as high
- CVE-2009-0269: medium severity since it is possible to cause memory corruption
- CVE-2009-0322: low severity since it is a local denial of service


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-02-25 05:46:32 UTC (rev 11260)
+++ data/CVE/list	2009-02-25 06:09:12 UTC (rev 11261)
@@ -534,8 +534,9 @@
 CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo ...)
 	NOT-FOR-US: Galatolo WebManager
 CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed>
+        NOTE: should this be considered a problem in lenny/squeeze/sid since description says that the problem applies to kernels before 2.6.25.4?
 CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for ...)
 	NOT-FOR-US: IBM Workplace for Business Controls
 CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...)
@@ -1186,7 +1187,7 @@
 CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote ...)
 	NOT-FOR-US: BibCiter
 CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed>
 CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
 	NOT-FOR-US: Apple Safari on Windows
@@ -1361,7 +1362,7 @@
 CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (medium)
 	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
 	- linux-2.6.24 <removed>
 CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
@@ -2057,7 +2058,7 @@
 CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...)
 	TODO: will be presented at Black Hat
 CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
-	- linux-2.6 2.6.26-14
+	- linux-2.6 2.6.26-14 (high)
 	- linux-2.6.24 <removed>
 CVE-2009-0064
 	RESERVED
@@ -2727,12 +2728,12 @@
 CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
 	NOT-FOR-US: issue affects pdfdistiller
 CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed>
 CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
 	- squirrelmail <not-affected> (RedHat-specific regression)
 CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed>
 CVE-2009-0028
 	RESERVED
@@ -16634,7 +16635,7 @@
 CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
 	NOT-FOR-US: xeCMS
 CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
-	- linux-2.6 <unfixed> 
+	- linux-2.6 <unfixed> (medium)
 	NOTE: While labeled as an Apache flaw, this needs to be fixed in smbfs
 	NOTE: This is likely already fixed in recent kernels, but we need to pin point
 	NOTE: a fixed version


