[Secure-testing-commits] r13859 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Wed Jan 20 08:16:36 UTC 2010
Author: geissert
Date: 2010-01-20 08:16:35 +0000 (Wed, 20 Jan 2010)
New Revision: 13859
Modified:
data/CVE/list
Log:
two new kernel issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-20 01:40:49 UTC (rev 13858)
+++ data/CVE/list 2010-01-20 08:16:35 UTC (rev 13859)
@@ -1585,8 +1585,13 @@
RESERVED
CVE-2009-4273
RESERVED
-CVE-2009-4272
+CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash table's emergency route flush]
RESERVED
+ - linux-2.6 <unfixed> (medium)
+ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
+ [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
+ - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411
CVE-2009-4271
RESERVED
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
@@ -3703,8 +3708,11 @@
CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...)
- php5 5.2.12.dfsg.1-1 (unimportant)
NOTE: safe_mode bypass
-CVE-2009-3556
+CVE-2009-3556 [world-writable vport_(create|delete) in the qla2xxx driver]
RESERVED
+ TODO: check
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556
+ NOTE: said to be RH-specific
CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...)
{DSA-1934-1}
NOTE: See separate CVE-2009-3555 file in SVN
More information about the Secure-testing-commits
mailing list