[Secure-testing-commits] r12079 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jun 8 20:56:42 UTC 2009
Author: gilbert-guest
Date: 2009-06-08 20:56:42 +0000 (Mon, 08 Jun 2009)
New Revision: 12079
Modified:
data/CVE/list
Log:
add squeeze tags for kernel issues since the stable kernel was migrated to testing
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-08 19:23:53 UTC (rev 12078)
+++ data/CVE/list 2009-06-08 20:56:42 UTC (rev 12079)
@@ -982,8 +982,9 @@
- linux-2.6 2.6.29-5 (high)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+ [squeeze] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
NOTE: vulnerability introduced in commit d84f4f99, which has only been included in the kernel since 2.6.29
- NOTE: However, d84f4f99 was introduced on 13th Nov 2008, so must've been included in 2.6.28 at least?
+ NOTE: i had checked 2.6.28, 2.6.26, 2.6.24, and 2.6.18 and have now rechecked. the vulnerable code is not present until 2.6.29
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
NOT-FOR-US: Directadmin
CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote ...)
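
Review bot: the replacement NOTE ("i had checked 2.6.28, 2.6.26, 2.6.24, and 2.6.18 and have now rechecked ...") is written in the first person with no name, and it drops the question from the removed line without answering it: why a commit dated 13th Nov 2008 is absent from 2.6.28. Suggest recording that explanation, or at least who verified the versions, so the <not-affected> tags for etch, lenny and squeeze can be re-audited later.
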
@@ -1444,6 +1445,7 @@
- linux-2.6 2.6.29-1 (low; bug #529342)
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
+ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.27)
- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
NOT-FOR-US: Seditio CMS
@@ -3167,6 +3169,7 @@
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
[lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
+ [squeeze] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
- linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...)
NOT-FOR-US: Dotclear
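
Review bot: in this hunk the unstable line is "- linux-2.6 <unfixed> (low)", so the added [squeeze] <not-affected> tag is only correct while testing carries a kernel older than 2.6.27-rc9. The log message says the tag exists because the stable kernel was migrated to testing; suggest adding a NOTE that the tag must be dropped when a newer kernel migrates, otherwise squeeze keeps reading as not affected while unstable is still unfixed.
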
@@ -3915,24 +3918,28 @@
- linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
+ [squeeze] - linux-2.6 2.6.26-13lenny2
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...)
{DSA-1749-1}
- linux-2.6 2.6.28-2 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
+ [squeeze] - linux-2.6 2.6.26-13lenny2
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...)
{DSA-1749-1}
- linux-2.6 2.6.28-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
+ [squeeze] - linux-2.6 2.6.26-13lenny2
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...)
{DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
+ [squeeze] - linux-2.6 2.6.26-13lenny2
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...)
NOT-FOR-US: Apple Safari
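
Review bot: in all four ext4 entries the added "[squeeze] - linux-2.6 2.6.26-13lenny2" line sits after "- linux-2.6.24 <unfixed> (low)", whereas the not-affected hunks of this commit put the squeeze tag directly under the [etch]/[lenny] lines for linux-2.6. Suggest moving it up next to "[etch] - linux-2.6" for consistency. As placed, the existing NOTE "... I don't think we need to fix this" now directly follows a fixed version, so it is also worth stating which package that NOTE refers to.
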
@@ -4199,6 +4206,7 @@
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <unfixed> (low)
+ [squeeze] - linux-2.6 2.6.26-13lenny1
NOTE: Original fix was incomplete/risky, see:
NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
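
Review bot: the added [squeeze] line records 2.6.26-13lenny1 as the fixed version, but the NOTE directly below it says the original fix was incomplete/risky. Suggest stating in the entry whether 2.6.26-13lenny1 contains the complete fix or only the original one, since the next entry in this commit is tagged 2.6.26-13lenny2.
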
@@ -4207,6 +4215,7 @@
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed> (low)
+ [squeeze] - linux-2.6 2.6.26-13lenny2
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...)
NOT-FOR-US: RavenNuke
CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your ...)
@@ -5684,6 +5693,7 @@
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
+ [squeeze] - linux-2.6 2.6.26-13lenny1
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)
@@ -5869,6 +5879,7 @@
{DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
+ [squeeze] - linux-2.6 2.6.26-13lenny1
- linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
@@ -6598,6 +6609,7 @@
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
+ [squeeze] - linux-2.6 2.6.26-13lenny1
CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...)
NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in ...)
@@ -7281,12 +7293,14 @@
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
+ [squeeze] - linux-2.6 2.6.26-13lenny1
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed>
+ [squeeze] - linux-2.6 2.6.26-13lenny1
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-1
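
Review bot: for CVE-2009-0029 the unstable line is "- linux-2.6 <unfixed> (medium)" while the added line marks squeeze as fixed in 2.6.26-13lenny1. Any newer kernel that later migrates from unstable has a higher version than 2.6.26-13lenny1, so it would compare as fixed in squeeze while unstable is still unfixed. Suggest a NOTE that this tag is tied to the 2.6.26 kernel currently in testing and has to be revisited on the next kernel migration.
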