[Secure-testing-commits] r13195 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Wed Nov 4 21:16:30 UTC 2009 

Author: gilbert-guest
Date: 2009-11-04 21:16:30 +0000 (Wed, 04 Nov 2009)
New Revision: 13195

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
some fixed kernel issues and more xulrunner embeds

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-04 21:16:19 UTC (rev 13194)
+++ data/CVE/list	2009-11-04 21:16:30 UTC (rev 13195)
@@ -2845,7 +2845,7 @@
 	[lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
 CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the ...)
 	{DSA-1915-1}
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.31-1 (medium)
 	- linux-2.6.24 <unfixed> (medium)
 CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
 	{DSA-1915-1}
@@ -2853,7 +2853,7 @@
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...)
 	{DSA-1915-1}
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.31-1 (medium)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-2907
@@ -15871,6 +15871,8 @@
 	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
 CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...)
 	- linux-2.6 <unfixed> (low)
+	[etch] - linux-2.6 <no-dsa> (no upstream fix available)
+	[lenny] - linux-2.6 <no-dsa> (no upstream fix available)
 	- linux-2.6.24 <removed> (low)
 	NOTE: lots of speculation, nothing very definitive (but fixed recently my microsoft)
 CVE-2008-4608

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-11-04 21:16:19 UTC (rev 13194)
+++ data/embedded-code-copies	2009-11-04 21:16:30 UTC (rev 13195)
@@ -917,13 +917,27 @@
 
 libvorbis
 	- iceweasel <not-affected> (uses xulrunner)
-	- xulrunner <not-affected> (introduced in 1.9.1)
-	TODO: recheck when xulrunner 1.9.1 enters unstable [- xulrunner <unfixed> (embed; bug #540959)]
+	- xulrunner <unfixed> (embed; bug #540949)
+	[etch] - xulrunner <not-affected> (introduced in firefox 3.5)
+	[lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
 
 cairo
 	- iceweasel <not-affected> (uses xulrunner)
 	- xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
 
+liboggz
+	- iceweasel <not-affected> (uses xulrunner)
+	- xulrunner <unfixed> (embed; bug #540949)
+	[etch] - xulrunner <not-affected> (introduced in firefox 3.5)
+	[lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
+
+
+liboggplay
+	- iceweasel <not-affected> (uses xulrunner)
+	- xulrunner <unfixed> (embed; bug #540949)
+	[etch] - xulrunner <not-affected> (introduced in firefox 3.5)
+	[lenny] - xulrunner <not-affected> (introduced in firefox 3.5)
+
 php-net-dnsbl
 	- serendipity <unfixed> (embed)

More information about the Secure-testing-commits mailing list