[Secure-testing-commits] r12283 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jul 6 01:39:58 UTC 2009
Author: gilbert-guest
Date: 2009-07-06 01:39:56 +0000 (Mon, 06 Jul 2009)
New Revision: 12283
Modified:
data/CVE/list
Log:
unstable kernel issue triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-05 23:54:05 UTC (rev 12282)
+++ data/CVE/list 2009-07-06 01:39:56 UTC (rev 12283)
@@ -1719,6 +1719,7 @@
CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...)
{DSA-1809-1}
- linux-2.6 <unfixed>
+ NOTE: 2.6.30-1 appears to be fixed, but there has been a lot of refactoring; making it hard to confirm
[squeeze] - linux-2.6 2.6.26-17
- linux-2.6.24 <removed>
CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...)
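Review bot: the added NOTE on CVE-2009-1633 sits between the `- linux-2.6 <unfixed>` line and its `[squeeze]` line, whereas the existing NOTE on CVE-2009-0835 follows the package lines; move it below `- linux-2.6.24 <removed>` so the package entries stay together. The note would also be easier to act on if it named what was compared in 2.6.30-1 (for example the upstream commit or the cifs functions that were inspected), so the next triager can finish the confirmation instead of starting over.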
@@ -1731,7 +1732,7 @@
NOTE: it can be fixed along
CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...)
{DSA-1809-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.30-1
[squeeze] - linux-2.6 2.6.26-17
- linux-2.6.24 <removed>
CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...)
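Review bot: the CVE-2009-1630 entry goes from `<unfixed>` to `2.6.30-1` with nothing recording how the fixed version was established, and the log message only says "unstable kernel issue triage". A short NOTE naming the upstream fix or the changelog entry that was checked would make the version verifiable; the same applies to the other `<unfixed>` to `2.6.30-1` changes in this revision.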
@@ -2636,7 +2637,7 @@
NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
{DSA-1800-1 DSA-1787-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.30-1
[squeeze] - linux-2.6 2.6.26-17
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
@@ -3082,7 +3083,7 @@
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release)
CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
{DSA-1800-1 DSA-1787-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.30-1
[squeeze] - linux-2.6 2.6.26-17
[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
- linux-2.6.24 <removed>
@@ -4608,16 +4609,17 @@
- dash <not-affected> (Debian uses upstream's patch to implement -l)
CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
{DSA-1800-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.30-1 (low)
[squeeze] - linux-2.6 2.6.26-17
[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
- - linux-2.6.24 <unfixed> (unimportant)
+ - linux-2.6.24 <removed>
+ [etch] - linux-2.6.24 <no-dsa> (unimportant)
NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.30-1 (low)
[squeeze] - linux-2.6 2.6.26-17
- - linux-2.6.24 <unfixed> (low)
+ - linux-2.6.24 <removed>
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
NOT-FOR-US: Winamp
CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...)
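Review bot: in the CVE-2009-0835 entry the new `[etch] - linux-2.6.24 <no-dsa> (unimportant)` line sits oddly beside the existing NOTE that CONFIG_SECCOMP has only been enabled in 2.6.26; if the option is also off in the 2.6.24 package, `<not-affected>` with that reason would match the `[etch] - linux-2.6` line above it. The CVE-2009-0834 entry below gets `- linux-2.6.24 <removed>` but no `[etch]` line and loses its `(low)` urgency, so either make the two entries consistent or add a NOTE saying why etch's linux-2.6.24 needs no entry there.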