[Secure-testing-commits] r11917 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon May 18 20:10:36 UTC 2009


Author: gilbert-guest
Date: 2009-05-18 20:10:36 +0000 (Mon, 18 May 2009)
New Revision: 11917

Modified:
   data/CVE/list
Log:
kernel issue triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-18 18:50:49 UTC (rev 11916)
+++ data/CVE/list	2009-05-18 20:10:36 UTC (rev 11917)
@@ -297,6 +297,9 @@
 	RESERVED
 CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
 	- linux-2.6 <unfixed> (high)
+	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+	NOTE: vulnerability introduced in commit d84f4f99, which has only been included in the kernel since 2.6.29
 	NOTE: it has been confirmed that an exploit in the wild is making use of this vulnerability
 CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
 	NOT-FOR-US: Directadmin
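Review bot: the `- linux-2.6 <unfixed> (high)` line for CVE-2009-1527 still carries no bug reference, while the other kernel entries touched in this revision gain one (for example `(low; bug #529342)`); given the existing NOTE about an exploit in the wild, a tracking bug on this line would be worth adding. The two new `[etch]` and `[lenny]` reasons and the new NOTE all repeat the same 2.6.29 statement, so the reasons could stay short and the NOTE could carry the detail once, preferably with the full commit hash rather than the abbreviated d84f4f99.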
@@ -738,8 +741,9 @@
 CVE-2009-1363
 	RESERVED
 CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c ...)
-	- linux-2.6 2.6.29-1
+	- linux-2.6 2.6.29-1 (low; bug #529342)
 	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
+	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
 	- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
 CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
 	NOT-FOR-US: Seditio CMS
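Review bot: the added `[lenny]` line for CVE-2009-1360 copies the `(Introduced in 2.6.27)` wording, whereas the other lines added in this revision use `(vulnerable code introduced in ...)`; one form across the file would make the entries easier to search. The three not-affected claims here all rest on "introduced in 2.6.27" but no NOTE names the introducing commit, as the CVE-2009-1527 hunk does; adding one would let a reader verify the claim for etch, lenny and linux-2.6.24.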
@@ -2964,9 +2968,10 @@
 CVE-2009-0788
 	RESERVED
 CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs ...)
-	- linux-2.6 2.6.29-1
+	- linux-2.6 2.6.29-1 (medium; bug #529326)
 	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
-	- linux-2.6.24 <not-affected> (Only affects 2.6.28)
+	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
+	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.28)
 CVE-2009-0786
 	RESERVED
 CVE-2009-0785
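Review bot: typo in the added linux-2.6.24 line for CVE-2009-0787, `vulnerabile` should be `vulnerable`. The same line also changes meaning, not just wording: the removed reason `(Only affects 2.6.28)` bounded the affected range on both sides, while `(vulnerable code introduced in 2.6.28)` only states where it starts; if that is intended, fine, otherwise keep the narrower statement.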
@@ -20508,10 +20513,10 @@
 CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
 	NOT-FOR-US: xeCMS
 CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (low; bug #529318)
 	NOTE: While labeled as an Apache flaw, this needs to be fixed in smbfs
-	NOTE: This is likely already fixed in recent kernels, but we need to pin point
-	NOTE: a fixed version
+	NOTE: This is likely already fixed in recent kernels, but we need to pin point a fixed version
+	NOTE: Low urgency since the worst that can happen is exposure of php (or other script) code that was intended to be kept secret from remote http users
 CVE-2007-XXXX [venkman preinst symlink dos]
 	- venkman 0.9.87.2-1 (bug #456520)
 	[lenny] - venkman <not-affected> (Vulnerable code not present)
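Review bot: the CVE-2007-6514 entry now has a bug number and an urgency, but the joined NOTE still says the issue is "likely already fixed in recent kernels" while the package line stays `<unfixed>`; the fixed version should be recorded on the `- linux-2.6` line once it is identified, and until then the NOTE could say who is checking or point at bug #529318. Minor: `pin point` should be `pinpoint`, and the new urgency NOTE is long enough that splitting it over two NOTE lines, as the removed lines did, would keep the file readable.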



