[Secure-testing-commits] r14166 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Mar 1 09:14:32 UTC 2010
Author: joeyh
Date: 2010-03-01 09:14:28 +0000 (Mon, 01 Mar 2010)
New Revision: 14166
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-01 03:54:32 UTC (rev 14165)
+++ data/CVE/list 2010-03-01 09:14:28 UTC (rev 14166)
@@ -423,7 +423,7 @@
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...)
- {DSA-2003-1}
+ {DSA-2004-1 DSA-2003-1}
- linux-2.6 2.6.32-9
- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
@@ -533,6 +533,7 @@
CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...)
NOT-FOR-US: Xerox WorkCentre
CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...)
+ {DSA-2004-1}
- samba 2:3.4.5~dfsg-2 (bug #568942; medium)
CVE-2010-0546
RESERVED
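Review bot: The {DSA-2004-1} tag added to CVE-2010-0547 lands on an entry whose package line is samba, while most other hunks in this revision attach the same DSA-2004-1 to entries that list linux-2.6 and linux-2.6.24. A single advisory number spanning a samba fix and a set of kernel fixes suggests two advisories were imported under one number. Confirm which source package DSA-2004-1 was issued for and remove the tag from the other group, so the cross-references do not point at the wrong advisory.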
@@ -822,7 +823,7 @@
CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...)
TODO: check
CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...)
- {DSA-2003-1 DSA-1996-1}
+ {DSA-2004-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...)
@@ -839,7 +840,7 @@
[etch] - systemtap <no-dsa> (Minor issue)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...)
- {DSA-2003-1 DSA-1996-1}
+ {DSA-2004-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
@@ -1276,7 +1277,7 @@
{DSA-1992-1}
- chrony 1.23-7 (medium)
CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
- {DSA-1996-1}
+ {DSA-2004-1 DSA-1996-1}
- linux-2.6 2.6.32-6
CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
- bind9 <unfixed>
@@ -1857,7 +1858,7 @@
CVE-2010-0096
RESERVED
CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)
- {DSA-1996-1}
+ {DSA-2004-1 DSA-1996-1}
- linux-2.6 2.6.32-6 (low; bug #564114)
[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
- linux-2.6.24 <removed> (low)
@@ -1866,7 +1867,7 @@
- linux-2.6 <unfixed> (medium; bug #564110)
- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
- {DSA-2003-1 DSA-1996-1}
+ {DSA-2004-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-6 (low; bug #564114)
- linux-2.6.24 <removed> (low)
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
@@ -2577,7 +2578,7 @@
CVE-2010-0008
RESERVED
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
- {DSA-2003-1 DSA-1996-1}
+ {DSA-2004-1 DSA-2003-1 DSA-1996-1}
- linux-2.6 2.6.32-6
- linux-2.6.24 <removed>
CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
@@ -2592,7 +2593,7 @@
- viewvc <unfixed>
TODO: check
CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
- {DSA-1996-1}
+ {DSA-2004-1 DSA-1996-1}
- linux-2.6 2.6.32-6
[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
- linux-2.6.24 <removed>
@@ -2634,6 +2635,7 @@
CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...)
NOT-FOR-US: Microsoft
CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
+ {DSA-2004-1}
- linux-2.6 2.6.32-1 (medium)
[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
[lenny] - linux-2.6 2.6.26-21
@@ -3070,6 +3072,7 @@
CVE-2009-4139
RESERVED
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
+ {DSA-2004-1}
- linux-2.6 2.6.32-3 (medium)
[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
[lenny] - linux-2.6 2.6.26-21
@@ -3401,7 +3404,7 @@
NOTE: Only affects installations with trust anchors, but then the
NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
- {DSA-2003-1}
+ {DSA-2004-1 DSA-2003-1}
- linux-2.6 2.6.32-3 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
@@ -3456,7 +3459,7 @@
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
- {DSA-2003-1}
+ {DSA-2004-1 DSA-2003-1}
- linux-2.6 2.6.32-1 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
@@ -3581,13 +3584,13 @@
NOTE: workarounds include using 5.3.1 or php5-suhosin
NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
- {DSA-2003-1}
+ {DSA-2004-1 DSA-2003-1}
- linux-2.6 2.6.32-1 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
- {DSA-2003-1}
+ {DSA-2004-1 DSA-2003-1}
- linux-2.6 2.6.32-1 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (low)
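Review bot: CVE-2009-3080 is out of sequence in this region: it sits directly above CVE-2009-4021, and the neighbouring hunks show the file running in descending ID order (CVE-2009-4005 before this point, CVE-2009-3889 after it). The automatic update only touches the brace lines, so this is not introduced here, but moving the CVE-2009-3080 entry to its sorted position in a separate commit would keep later automatic updates and manual lookups from missing it.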
@@ -3765,6 +3768,7 @@
[etch] - wordpress <not-affected> (Vulnerable code not present)
[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
+ {DSA-2004-1}
- linux-2.6 2.6.27-1 (low)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
[lenny] - linux-2.6 2.6.26-21
@@ -4274,7 +4278,7 @@
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
- {DSA-2003-1}
+ {DSA-2004-1 DSA-2003-1}
- linux-2.6 2.6.31-1 (medium)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed> (medium)
@@ -5509,7 +5513,7 @@
NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
RESERVED
- {DSA-1989-1}
+ {DSA-2004-1 DSA-1989-1}
- fuse 2.8.1-1.2 (bug #567633)
- samba 2:3.4.5~dfsg-2 (bug #567554)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
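Review bot: On CVE-2009-3297 the braces now read {DSA-2004-1 DSA-1989-1} over an entry that lists two source packages, fuse and samba, and nothing in the entry records which advisory fixed which package. A NOTE or release-tagged package line naming the package each DSA covers would make the entry readable without opening both advisories. The entry is also still RESERVED with only the bracketed placeholder description, which is worth checking now that two advisories reference it.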
@@ -7900,7 +7904,7 @@
CVE-2009-2696
RESERVED
CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...)
- {DSA-1915-1}
+ {DSA-2004-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
- linux-2.6.24 <removed> (medium)
@@ -7919,6 +7923,7 @@
- linux-2.6 2.6.30-6 (high; bug #541403)
- linux-2.6.24 <removed>
CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...)
+ {DSA-2004-1}
- linux-2.6 2.6.30-7 (low)
[lenny] - linux-2.6 2.6.26-21
- linux-2.6.24 <removed>