[Secure-testing-commits] r12100 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Jun 10 23:00:52 UTC 2009
Author: gilbert-guest
Date: 2009-06-10 23:00:51 +0000 (Wed, 10 Jun 2009)
New Revision: 12100
Modified:
data/CVE/list
Log:
kernel issue triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-10 22:27:51 UTC (rev 12099)
+++ data/CVE/list 2009-06-10 23:00:51 UTC (rev 12100)
@@ -219,7 +219,7 @@
CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
NOT-FOR-US: ICQ
CVE-2009-1914 (The pci_register_iommu_region function in ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (low; bug #532722)
- linux-2.6.24 <removed>
CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...)
NOT-FOR-US: LuxBum
@@ -1562,8 +1562,11 @@
RESERVED
CVE-2009-1390
RESERVED
-CVE-2009-1389
+CVE-2009-1389 [linux-2.6: packet overflow]
RESERVED
+ - linux-2.6 <unfixed> (high; bug #532376)
+ - linux-2.6.24 <removed>
+ NOTE: potential for kernel memory corruption by remote attacker
CVE-2009-1388
RESERVED
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
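Review bot: The bracketed description added for CVE-2009-1389, "[linux-2.6: packet overflow]", does not say which driver or function is affected, and the new NOTE line gives no source for the "kernel memory corruption by remote attacker" claim. While the entry is still RESERVED, this text is all a reader of the list has to go on, so name the affected component in the brackets and add a NOTE with a reference (upstream commit or advisory URL) that backs the "high" rating next to bug #532376.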
@@ -1573,7 +1576,7 @@
- openssl 0.9.8k-1 (low; bug #532037)
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (low; bug #532721)
- linux-2.6.24 <removed>
CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...)
NOT-FOR-US: Different code base than Debian's libpam-krb5
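Review bot: The "low" urgency added on the CVE-2009-1385 line "- linux-2.6 <unfixed> (low; bug #532721)" is recorded without any rationale, while CVE-2009-1389 in the same commit is rated "high" and gets a NOTE explaining why. A one-line NOTE stating why the integer underflow in e1000_clean_rx_irq is considered low would make the triage decision reviewable later. The same applies to the "low" added for CVE-2009-1914 in the first hunk.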
@@ -2511,7 +2514,9 @@
CVE-2009-1190 (Algorithmic complexity vulnerability in the ...)
NOT-FOR-US: Spring Framework
CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...)
- - dbus 1.2.14-1
+ - dbus 1.2.14-1 (high; bug #532720)
+ NOTE: remote signature spoofing possible, and this was supposed to be
+ NOTE: originally fixed with the updates for CVE-2008-3834
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
- poppler 0.10.6-1 (medium; bug #524806)
[lenny] - poppler 0.8.7-2
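Review bot: The CVE-2009-1189 change is to dbus, but the commit log says only "kernel issue triage", so this hunk is outside the stated scope; either commit it separately or mention dbus in the log so the change can be found from the history. The two added NOTE lines are also hard to parse: "this was supposed to be originally fixed with the updates for CVE-2008-3834" leaves unclear whether the earlier fix was incomplete or never applied. Stating that directly would help, as would a release-specific line like the "[lenny]" one on the poppler entry below if stable is affected.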