[Secure-testing-commits] r12274 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Jul 5 04:19:01 UTC 2009
Author: gilbert-guest
Date: 2009-07-05 04:19:00 +0000 (Sun, 05 Jul 2009)
New Revision: 12274
Modified:
data/CVE/list
Log:
new kernel issue triage and bug submitted for pidgin issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-05 03:30:28 UTC (rev 12273)
+++ data/CVE/list 2009-07-05 04:19:00 UTC (rev 12274)
@@ -52,7 +52,10 @@
CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade ...)
NOT-FOR-US: Arcade Trade Script
CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ - linux-2.6.24 <removed>
+ NOTE: upstream 2.6.30 does not contain the patch for this issue
+ TODO: check 2.6.31 when it is released
CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
- tiff 3.8.2-12 (low; bug #534137)
NOTE: this doesn't allow code execution, only a crash.
@@ -1017,7 +1020,7 @@
RESERVED
- apache2 <unfixed>
CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
- - pidgin 2.5.8-1 (low)
+ - pidgin 2.5.8-1 (low; bug #535790)
NOTE: http://developer.pidgin.im/ticket/9483
NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...)
@@ -2377,8 +2380,13 @@
- linux-2.6 2.6.26-16 (high; bug #532376)
- linux-2.6.24 <removed>
NOTE: potential for kernel memory corruption by remote attacker
-CVE-2009-1388
+CVE-2009-1388 [linux-2.6: deadlock between ptrace and coredump]
RESERVED
+ - linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
+ - linux-2.6.24 <removed>
+ NOTE: i can't find the ptrace_start() code in any of the debian kernels,
+ NOTE: so my best guess is that this is a problem in a redhat-specific patch
+ NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1388
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
- openssl 0.9.8k-2 (low; bug #532037)
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
More information about the Secure-testing-commits
mailing list