[Secure-testing-commits] r14612 - data/CVE

[Michael Gilbert]

Author: gilbert-guest
Date: 2010-05-06 03:24:51 +0000 (Thu, 06 May 2010)
New Revision: 14612

Modified:
   data/CVE/list
Log:
kernel updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-06 01:12:31 UTC (rev 14611)
+++ data/CVE/list	2010-05-06 03:24:51 UTC (rev 14612)
@@ -631,7 +631,7 @@
 CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-12
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
 CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
 	NOT-FOR-US: IBM Lotus Notes
@@ -1198,9 +1198,8 @@
 	TODO: check
 	NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
 CVE-2010-XXXX [Linux ThinkPad video output status local DoS]
-	- linux-2.6 <unfixed> (bug #565790)
+	- linux-2.6 2.6.32-12 (bug #565790)
 	NOTE: http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
-	TODO: check affected/fixed versions, Moritz?
 CVE-2010-1159 [aircrack-ng EAPOL buffer overflow]
 	RESERVED
 	- aircrack-ng <unfixed> (low; bug #577758)
@@ -1993,9 +1992,7 @@
 CVE-2010-0747 [linux-2.6 drbd connector issue]
 	RESERVED
 	{DSA-2015-1}
-	- linux-2.6 <not-affected> (drbd introduced in 2.6.33, which is not yet in unstable)
-	NOTE: checked 2.6.33-1~experimental.3, and the fix is already applied
-	TODO: fix tracking once kernel >= 2.6.33 enters unstable
+	- linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
 	- drbd8 2:8.3.7-1
 	[lenny] - drbd8 2:8.0.14-2+lenny1
 	NOTE: CVE requested at http://www.openwall.com/lists/oss-security/2010/03/11/9