[Secure-testing-commits] r13980 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Jan 31 11:21:14 UTC 2010
Author: jmm-guest
Date: 2010-01-31 11:21:13 +0000 (Sun, 31 Jan 2010)
New Revision: 13980
Modified:
data/CVE/list
Log:
mod-apache-perl fixed
record kernel fixes from latest stable point update
add bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-31 09:14:41 UTC (rev 13979)
+++ data/CVE/list 2010-01-31 11:21:13 UTC (rev 13980)
@@ -1686,6 +1686,7 @@
CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
- linux-2.6 2.6.32-2 (low)
@@ -2113,6 +2114,7 @@
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
- linux-2.6 2.6.32-3 (medium)
[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before ...)
- piwik <itp> (bug #506933)
@@ -2385,6 +2387,7 @@
CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...)
{DSA-1962-1}
- linux-2.6 2.6.32-3 (low)
+ [lenny] - linux-2.6 2.6.26-21
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed> (low; bug #562075)
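Review bot: In the CVE-2009-4031 entry the new "[lenny] - linux-2.6 2.6.26-21" line is placed above the existing "[etch]" line, whereas in the CVE-2009-4308, CVE-2009-4138 and CVE-2009-3889 hunks of this same commit it goes below "[etch]". Suggest moving it after "[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)" so the release-specific lines for linux-2.6 are ordered the same way in every entry.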
@@ -2443,6 +2446,7 @@
NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
- linux-2.6 2.6.32-3 (medium)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
- mysql-dfsg-5.1 5.1.41-1
@@ -2500,6 +2504,7 @@
NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
- linux-2.6 2.6.32-1 (low)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...)
NOT-FOR-US: Adobe Shockwave Player
@@ -2610,10 +2615,12 @@
NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
- linux-2.6 2.6.32-1 (medium)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
- linux-2.6 2.6.32-1 (low)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...)
@@ -2796,6 +2803,7 @@
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
- linux-2.6 2.6.27-1 (low)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ...)
- linux-2.6 <unfixed> (unimportant)
@@ -2803,7 +2811,7 @@
NOTE: All Debian kernels have MMU support enabled
CVE-2009-3887 [ytnef path traversal]
RESERVED
- - ytnef <unfixed> (bug filed)
+ - ytnef <unfixed> (bug #567631)
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn't affect Evolution, the TNEF plugin is external
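Review bot: The replaced ytnef line for CVE-2009-3887 now reads "<unfixed> (bug #567631)" with no severity, unlike lines elsewhere in this file such as "(low; bug #562075)". Suggest adding a severity next to the bug number. The same bug #567631 is also recorded for CVE-2009-3721 later in this commit; both entries cite the same oCERT advisory, so one shared bug is reasonable, but it is worth checking that the bug report names both CVE ids.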
@@ -3305,6 +3313,7 @@
[etch] - asterisk <no-dsa> (Minor issue)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
- linux-2.6 2.6.31-1 (medium)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...)
- linux-2.6 2.6.31-1 (medium)
@@ -3329,7 +3338,7 @@
NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
CVE-2009-3721 [ytnef buffer overflow]
RESERVED
- - ytnef <unfixed> (bug filed)
+ - ytnef <unfixed> (bug #567631)
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn't affect Evolution, the TNEF plugin is external
@@ -4538,7 +4547,7 @@
NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
RESERVED
- - fuse <unfixed> (bug filed)
+ - fuse <unfixed> (bug #567633)
- samba <unfixed> (bug #567554)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
@@ -6943,6 +6952,7 @@
- linux-2.6.24 <removed>
CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...)
- linux-2.6 2.6.30-7 (low)
+ [lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed>
CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...)
- sun-java6 6-15-1
@@ -12972,7 +12982,7 @@
CVE-2009-0797
RESERVED
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
- - libapache2-mod-perl2 <unfixed> (low; bug filed)
+ - libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
[lenny] - libapache2-mod-perl2 <no-dsa> (Minor issue)
- apache <removed>
[etch] - apache <no-dsa> (minor issue)
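Review bot: On the libapache2-mod-perl2 line for CVE-2009-0796, the fixed version 2.0.4-6 and bug #567635 appear together for the first time, and that bug number sits in the same range as #567631 and #567633, which this commit records for packages that are still "<unfixed>". Since the previous state was "<unfixed> (low; bug filed)", please confirm that 2.0.4-6 is the upload carrying the fix and that the bug is marked as fixed in that version. The "[lenny]" line below stays at "<no-dsa> (Minor issue)", which is consistent with the unstable-only fix.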