[Secure-testing-commits] r12926 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2009-10-03 10:49:02 +0000 (Sat, 03 Oct 2009)
New Revision: 12926

Modified:
   data/CVE/list
Log:
kernel updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-03 10:21:56 UTC (rev 12925)
+++ data/CVE/list	2009-10-03 10:49:02 UTC (rev 12926)
@@ -542,11 +542,10 @@
 CVE-2009-3281
 	RESERVED
 CVE-2009-3280 (Integer signedness error in the find_ie function in ...)
-	- linux-2.6 <unfixed> (medium)
-	- linux-2.6.24 <removed>
+	- linux-2.6 2.6.31-1 (medium)
+	- linux-2.6.24 <not-affected> (vulnerable code not present)
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
-	[etch] - linux-2.6.24 <not-affected> (vulnerable code not present)
 CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
 	NOT-FOR-US: QNAP TS-239 Pro and TS-639
 CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
@@ -572,7 +571,7 @@
 	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
 	- kvm <unfixed> (high; bug #548975)
 CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.31-1 (low)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
 	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
@@ -1315,7 +1314,7 @@
 CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or ...)
 	NOT-FOR-US: Opera
 CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.31-1 (medium)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)