[Secure-testing-commits] r12225 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Jun 29 17:42:53 UTC 2009


Author: gilbert-guest
Date: 2009-06-29 17:42:52 +0000 (Mon, 29 Jun 2009)
New Revision: 12225

Modified:
   data/CVE/list
Log:
lenny's point release kernel is now in squeeze


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-29 17:20:46 UTC (rev 12224)
+++ data/CVE/list	2009-06-29 17:42:52 UTC (rev 12225)
@@ -1148,6 +1148,7 @@
 CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...)
 	{DSA-1809-1}
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...)
 	- transmission 1.61-1 (low)
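Review bot: for CVE-2009-1758 the added "[squeeze] - linux-2.6 2.6.26-17" line marks testing as fixed while the unstable line directly above it still reads "<unfixed>", and nothing in the entry says why testing is ahead of unstable. A short NOTE under the entry stating that 2.6.26-17 is the lenny point release kernel, as the log message says, would make the entry self-explanatory. Other entries in this diff record 2.6.29-x as the unstable fixed version, so it is also worth confirming that "<unfixed>" is still accurate here.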
@@ -1449,6 +1450,7 @@
 CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...)
 	{DSA-1809-1}
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...)
 	{DSA-1804-1}
@@ -1461,6 +1463,7 @@
 CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...)
 	{DSA-1809-1}
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...)
 	- ajaxterm <unfixed> (medium; bug #528938) 
@@ -2030,6 +2033,7 @@
 CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-2 (bug #523365)
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
 	- libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
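Review bot: for CVE-2009-1439 the new squeeze line records 2.6.26-17 while the unstable line above it records 2.6.29-2 (bug #523365), so the release-specific line is only needed for as long as squeeze carries the 2.6.26 kernel. Consider adding a TODO or NOTE so the "[squeeze]" line is dropped once a kernel at or above 2.6.29-2 reaches squeeze.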
@@ -2358,10 +2362,12 @@
 CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
 	{DSA-1800-1 DSA-1787-1}
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 2.6.26-17
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-5
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...)
 	{DSA-1794-1}
@@ -2676,6 +2682,7 @@
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-4
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
 	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
@@ -2798,6 +2805,7 @@
 CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
 	{DSA-1800-1 DSA-1787-1}
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 2.6.26-17
 	[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
 	- linux-2.6.24 <removed>
 CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
@@ -3100,6 +3108,7 @@
 CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
 	- apache2 2.2.11-4 (low)
@@ -3126,6 +3135,7 @@
 CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...)
 	{DSA-1809-1 DSA-1800-1}
 	- linux-2.6 2.6.29-5
+	[squeeze] - linux-2.6 2.6.26-17
 	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
 	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
 CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...)
@@ -3592,6 +3602,7 @@
 CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...)
 	{DSA-1800-1}
 	- linux-2.6 2.6.29-1
+	[squeeze] - linux-2.6 2.6.26-17
 	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
 	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
 CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...)
@@ -3660,6 +3671,7 @@
 CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
 	{DSA-1800-1 DSA-1787-1}
 	- linux-2.6 2.6.29-1
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <removed>
 	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)
 CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...)
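Review bot: in the CVE-2009-1046 entry the new "[squeeze] - linux-2.6" line sits directly under "- linux-2.6 2.6.29-1", but the existing "[etch] - linux-2.6" line stays below "- linux-2.6.24 <removed>", so the linux-2.6 annotations are now split around another package. Moving the "[etch]" line up next to the "[squeeze]" line would match the ordering used in the CVE-2009-1184 and CVE-2009-1072 entries.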
@@ -4317,12 +4329,14 @@
 CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
 	{DSA-1800-1}
 	- linux-2.6 <unfixed> (low)
+	[squeeze] - linux-2.6 2.6.26-17
 	[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
 	- linux-2.6.24 <unfixed> (unimportant)
 	NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
 	- linux-2.6 <unfixed> (low)
+	[squeeze] - linux-2.6 2.6.26-17
 	- linux-2.6.24 <unfixed> (low)
 CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
 	NOT-FOR-US: Winamp
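Review bot: in both CVE-2009-0835 and CVE-2009-0834 the unstable line carries an urgency, "(low)", but the added "[squeeze] - linux-2.6 2.6.26-17" lines carry none. If the urgency is meant to be visible per release, add "(low)" to the two squeeze lines as well so they read consistently with the lines around them.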



