[Secure-testing-commits] r15690 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Dec 13 00:02:17 UTC 2010
Author: gilbert-guest
Date: 2010-12-13 00:02:04 +0000 (Mon, 13 Dec 2010)
New Revision: 15690
Modified:
data/CVE/list
Log:
kernel-sec sync
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-12 23:11:34 UTC (rev 15689)
+++ data/CVE/list 2010-12-13 00:02:04 UTC (rev 15690)
@@ -760,7 +760,7 @@
- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...)
NOTE: http://core.trac.wordpress.org/changeset/16625
- wordpress 3.0.2-1 (bug #605603)
@@ -787,7 +787,7 @@
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
- linux-2.6 <unfixed>
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-29
CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
RESERVED
- linux-2.6 <unfixed>
@@ -804,7 +804,7 @@
- linux-2.6 <unfixed>
CVE-2010-4242 [linux: missing tty ops write function presence check in hci_uart_tty_open()]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-28
CVE-2010-4241
RESERVED
NOT-FOR-US: TikiWiki
@@ -976,7 +976,7 @@
- dracut <not-affected> (vulnerable script not shipped)
CVE-2010-4175 [linux: integer overflow in RDS]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-28
CVE-2010-4174
RESERVED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
@@ -1011,8 +1011,7 @@
- linux-2.6 2.6.32-29
CVE-2010-4161 [linux deadlock]
RESERVED
- - linux-2.6 <undetermined>
- TODO: check
+ - linux-2.6 2.6.28-1
NOTE: https://bugzilla.redhat.com/CVE-2010-4161
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
- mono <unfixed> (bug #605097)
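Review bot: the CVE-2010-4161 entry is now marked fixed in "linux-2.6 2.6.28-1", while every other linux-2.6 fix version recorded in this commit is a 2.6.32-2x upload. Please confirm that 2.6.28-1 is intended and not a slip for 2.6.32-28. The same hunk drops "TODO: check" without recording what was checked. A NOTE giving the reason the older version applies would let the next reader verify the entry.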
@@ -1046,10 +1045,10 @@
- linux-2.6 <unfixed> (low)
CVE-2010-4158
RESERVED
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4157
RESERVED
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-28 (low)
CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, ...)
NOT-FOR-US: FreshWebMaster Fresh FTP
CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly ...)
@@ -1187,7 +1186,7 @@
NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c ...)
- linux-2.6 2.6.32-24 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -1199,7 +1198,7 @@
- linux-2.6 2.6.32-27 (low)
CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux ...)
{DSA-2126-1}
- linux-2.6 2.6.32-24 (low)
@@ -1214,10 +1213,10 @@
- linux-2.6 2.6.32-24 (low)
CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4071
RESERVED
- otrs2 2.4.9+dfsg1-1
@@ -1728,6 +1727,7 @@
CVE-2010-3859
RESERVED
{DSA-2126-1}
+ - linux-2.6 2.6.32-27
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before ...)
{DSA-2126-1}
- linux-2.6 2.6.32-27
@@ -4273,7 +4273,9 @@
{DSA-2100-1}
- openssl 0.9.8o-2 (low; bug #594415)
CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <not-affected> (affected code not present in any of the released kernels; only affects xen package itself)
+ - xen 4.0.1-1
+ NOTE: probably fixed well before this version, but this is the one i checked and its fixed
CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in ...)
- vlc 1.1.3-1
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)
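Review bot: the added xen line for CVE-2010-2938 records 4.0.1-1 as the fixed version, but the NOTE beneath it says the fix probably landed well before that, so the entry is only an upper bound and anything earlier reads as vulnerable. Suggest identifying the first fixed xen version, or stating in the NOTE which earlier versions were not checked. Minor: in the NOTE, "i" and "its" should be "I" and "it's".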