[Secure-testing-commits] r11828 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu May 7 09:14:15 UTC 2009


Author: joeyh
Date: 2009-05-07 09:14:15 +0000 (Thu, 07 May 2009)
New Revision: 11828

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-07 08:56:26 UTC (rev 11827)
+++ data/CVE/list	2009-05-07 09:14:15 UTC (rev 11828)
@@ -338,7 +338,7 @@
 CVE-2009-1441
 	RESERVED
 CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
 CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
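Review bot: The log message "automatic update" does not say which advisory is being cross-referenced, and the added "{DSA-1794-1 DSA-1787-1}" line under CVE-2009-1439 is where a reader first has to work it out from the diff. If whatever generates these updates listed the newly referenced DSA ids in the log, this revision could be found from the advisory number.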
@@ -631,10 +631,11 @@
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
 CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...)
+	{DSA-1794-1}
 	- linux-2.6 2.6.23-1
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...)
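Review bot: CVE-2009-1336 gains "{DSA-1794-1}" while its unchanged context still reads "[etch] - linux-2.6 <not-affected> (Vulnerable code not present)". If DSA-1794-1 shipped a fix for this CVE in etch's linux-2.6, the not-affected line contradicts the advisory and should be replaced with the fixed version. If the advisory covers a different release or package, a NOTE saying so would keep the two lines from reading as a conflict.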
@@ -926,7 +927,7 @@
 CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...)
 	NOTE: Dupe of CVE-2009-1210
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-4
 	- linux-2.6.24 <unfixed>
 CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
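Review bot: Under CVE-2009-1265 the context line "- linux-2.6.24 <unfixed>" is left as is, although the entry already cited DSA-1787-1 and now cites DSA-1794-1 as well, and most other kernel entries touched by this revision show "- linux-2.6.24 <removed>". It is worth checking whether this status is stale and should be brought in line with the others.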
@@ -1339,7 +1340,7 @@
 CVE-2009-1193
 	RESERVED
 CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux kernel ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
 CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
@@ -1587,6 +1588,7 @@
 CVE-2009-1108
 	RESERVED
 CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...)
+	{DSA-1795-1}
 	- ldns 1.5.1-1
 CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on ...)
 	- redhat-cluster <unfixed>
@@ -2399,7 +2401,7 @@
 CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...)
 	NOT-FOR-US: NetMRI
 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-1 (unimportant)
 	NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
 	NOTE: for locally modified configs and even for that I fail to
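Review bot: CVE-2009-0859 is rated "(unimportant)" and its NOTE calls the issue moot for all Debian kernels because they set CONFIG_SHMEM, yet the tag line now cites two advisories, "{DSA-1794-1 DSA-1787-1}". A short NOTE explaining why an issue judged moot is listed in the DSAs, or a second look at the severity, would reconcile the two.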
@@ -2533,7 +2535,7 @@
 	- linux-2.6.24 <unfixed> (unimportant)
 	NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <unfixed> (low)
 CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
@@ -3187,7 +3189,7 @@
 CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
 	NOT-FOR-US: RavenNuke
 CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel ...)
-	{DSA-1787-1 DSA-1749-1}
+	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <unfixed> (low)
 	NOTE: Original fix was incomplete/risky, see:
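Review bot: The entry for CVE-2009-0676 carries "NOTE: Original fix was incomplete/risky", and adding DSA-1794-1 to the tag line does not record whether that advisory ships the original fix or the corrected one. Suggest a NOTE next to the existing one stating which patch each of the three listed DSAs includes.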
@@ -3195,7 +3197,7 @@
 	NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
 	NOTE: lacks initialzer for len.  Leak confirmed with fixed reproducer.
 CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...)
-	{DSA-1787-1 DSA-1749-1}
+	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...)
@@ -4666,7 +4668,7 @@
 CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote ...)
 	NOT-FOR-US: BibCiter
 CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
-	{DSA-1787-1 DSA-1749-1}
+	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <removed>
 CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
@@ -5570,7 +5572,7 @@
 CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...)
 	TODO: will be presented at Black Hat
 CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
-	{DSA-1787-1 DSA-1749-1}
+	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 2.6.29-1
 	- linux-2.6.24 <removed>
 CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...)
@@ -5962,6 +5964,7 @@
 	- kvm 82-1 (low; bug #509997)
 	[lenny] - kvm <no-dsa> (Minor issue)
 CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
+	{DSA-1794-1}
 	- linux-2.6 2.6.25-1
 	- linux-2.6.24 <removed>
 CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
@@ -5986,11 +5989,11 @@
 	[etch] - gpsdrive <no-dsa> (Minor issue)
 	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
 CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.26-13
 	- linux-2.6.24 <removed>
 CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.26-13
 	- linux-2.6.24 <removed>
 CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...)
@@ -6253,17 +6256,17 @@
 CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
 	NOT-FOR-US: issue affects pdfdistiller
 CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
-	{DSA-1787-1 DSA-1749-1}
+	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <removed>
 CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
 	- squirrelmail <not-affected> (RedHat-specific regression)
 CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
-	{DSA-1787-1 DSA-1749-1}
+	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed>
 CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-1
 	- linux-2.6.24 <removed>
 CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
@@ -6805,7 +6808,7 @@
 	{DSA-1699-1}
 	- zaptel 1:1.4.11~dfsg-3
 CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.26-13
 	- linux-2.6.24 <removed>
 CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...)
@@ -9508,7 +9511,7 @@
 CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 ...)
 	- tomcat5.5 5.5.23-1 (low)
 CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...)
-	{DSA-1787-1}
+	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.26-1
 	- linux-2.6.24 <removed>
 CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...)



