[Secure-testing-commits] r13221 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Nov 6 09:14:40 UTC 2009
Author: joeyh
Date: 2009-11-06 09:14:39 +0000 (Fri, 06 Nov 2009)
New Revision: 13221
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-06 00:54:30 UTC (rev 13220)
+++ data/CVE/list 2009-11-06 09:14:39 UTC (rev 13221)
@@ -615,11 +615,11 @@
[etch] - wordpress <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before ...)
- {DSA-1927-1}
+ {DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-3619
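Review bot: In the CVE-2009-3620 entry the new reference set is {DSA-1928-1 DSA-1927-1}, while CVE-2009-3621 directly above it also gains DSA-1929-1. The log says only "automatic update", so please confirm that DSA-1929-1 really does not cover the r128 issue and that the omission is not an artifact of the generation run. Both entries still list linux-2.6 as <unfixed>, which makes the advisory cross-reference the only fix information a reader gets from these lines.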
@@ -643,12 +643,12 @@
[lenny] - liboping <not-affected> (doesn't have -f option yet)
[etch] - liboping <not-affected> (doesn't have -f option yet)
CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.29-1 (medium)
- linux-2.6.24 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
NOTE: fixed in 2.6.32-rc5
@@ -817,7 +817,7 @@
CVE-2009-3548
RESERVED
CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (high)
- linux-2.6.24 <removed> (high)
NOTE: being exploited in the wild
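Review bot: CVE-2009-3547 is rated high and carries the note "being exploited in the wild", yet after this change linux-2.6 is still <unfixed> although three advisories now reference the entry. This needs a follow-up that records the fixed linux-2.6 version once one is uploaded, so the entry does not read as fully handled on the strength of the DSA references alone.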
@@ -1503,7 +1503,7 @@
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed>
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote ...)
@@ -1585,7 +1585,7 @@
- openoffice.org <not-affected>
NOTE: SUSE says that it is not a dup of CVE-2009-2139 and CVE-2009-2140...
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
@@ -1597,7 +1597,7 @@
- dovecot 1:1.2.1-1 (medium; bug #546656)
NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
- {DSA-1927-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...)
@@ -2404,12 +2404,12 @@
CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
NOTE: minor info leaks
CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.30-7 (low)
- linux-2.6.24 <removed>
NOTE: minor info leak
@@ -2874,15 +2874,15 @@
- systemtap 1.0-2 (bug #551918)
[lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <unfixed> (medium)
CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
- {DSA-1915-1}
+ {DSA-1929-1 DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
- linux-2.6.24 <removed> (medium)
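Review bot: For CVE-2009-2910 the unchanged line "- linux-2.6.24 <unfixed> (medium)" is the only linux-2.6.24 status in this hunk that reads <unfixed>; CVE-2009-2909 and CVE-2009-2908 both have <removed>. Now that DSA-1928-1 is attached to all three entries, please reconcile the status: either mark it <removed> like its neighbours or add a NOTE explaining why this one differs.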
@@ -2897,7 +2897,7 @@
CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...)
- openssh <not-affected> (issue with homechroot patch specific to Red Hat)
CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...)
- {DSA-1915-1}
+ {DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-2902
@@ -3046,22 +3046,22 @@
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...)
NOT-FOR-US: Electronic Logbook
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 ...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-4 (medium)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (medium)
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...)
- {DSA-1872-1}
+ {DSA-1928-1 DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
[lenny] - linux-2.6 2.6.26-19 (low)
@@ -5976,6 +5976,7 @@
- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...)
+ {DSA-1929-1}
- linux-2.6 2.6.19-1 (unimportant)
- linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
NOTE: See Solar Designer's posting to oss-security
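Review bot: CVE-2009-1883 now references DSA-1929-1, but its package lines still read "linux-2.6 2.6.19-1 (unimportant)" and "linux-2.6.24 <not-affected>". An issue covered by an advisory sits oddly with an "unimportant" rating; consider revisiting the urgency or adding a release-specific line that states which release the advisory applies to. The NOTE also points at an oss-security posting without a URL, unlike the NOTE lines for CVE-2009-3613 and the wordpress entry earlier in this diff, which link their source.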