[Secure-testing-commits] r15340 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Sep 17 01:15:48 UTC 2010


Author: gilbert-guest
Date: 2010-09-17 01:15:36 +0000 (Fri, 17 Sep 2010)
New Revision: 15340

Modified:
   data/CVE/list
Log:
kernel updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-16 23:58:08 UTC (rev 15339)
+++ data/CVE/list	2010-09-17 01:15:36 UTC (rev 15340)
@@ -211,9 +211,7 @@
 	RESERVED
 CVE-2010-3301 [IA32 System Call Entry Point Vulnerability]
 	RESERVED
-	- linux-2.6 <unfixed>
-	NOTE: see RH's bugzilla
-	TODO: check
+	- linux-2.6 2.6.32-23 
 CVE-2010-3300
 	RESERVED
 CVE-2010-3299 [ruby on rails: padding oracle attack]
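Review bot: The added line for CVE-2010-3301 ("- linux-2.6 2.6.32-23 ") ends with a trailing space, and the same edit drops the entry's only reference pointer ("NOTE: see RH's bugzilla") without replacing it. Strip the trailing space (the added lines for CVE-2010-2960 and CVE-2010-2492 later in this patch have it too) and consider keeping a NOTE with the concrete bug URL, as the CVE-2010-3081 entry does, since this entry is still RESERVED and carries nothing beyond its bracketed title.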
@@ -233,8 +231,11 @@
 	RESERVED
 	- linux-2.6 <unfixed>
 	NOTE: see RH's bugzilla
-CVE-2010-3295
+CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory]
 	RESERVED
+	NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2
+	NOTE: will probably get rejected
+	TODO: check
 CVE-2010-3291
 	RESERVED
 CVE-2010-3290
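Review bot: The new NOTE on CVE-2010-3295 says the id is "assigned to linux-2.6", but no "- linux-2.6 ..." line is added under it, so the entry records no status for that package while the TODO is open. Add an explicit package line reflecting the current assessment, and fold "NOTE: will probably get rejected" into the TODO or drop it, since it is a prediction rather than a recorded fact; the oss-security link already documents the dispute.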
@@ -821,8 +822,6 @@
 CVE-2010-3084 [kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL]
 	RESERVED
 	- linux-2.6 <unfixed>
-	TODO: check
-	NOTE: see RH's bugzilla
 CVE-2010-3083
 	RESERVED
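Review bot: For CVE-2010-3084 the "TODO: check" and "NOTE: see RH's bugzilla" lines are removed while the status stays "- linux-2.6 <unfixed>", which leaves an unfixed kernel issue with no reference and no follow-up marker. The log message ("kernel updates") does not explain the removal; either keep a NOTE with the concrete bug URL or say in the log that the check was completed and the issue is confirmed unfixed.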
 CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
@@ -830,7 +829,7 @@
 	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
 CVE-2010-3081 [64-bit Compatibility Mode Stack Pointer Underflow]
 	RESERVED
-	- linux-2.6 <unfixed> (high)
+	- linux-2.6 2.6.32-23 (high)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081
 CVE-2010-3080
 	RESERVED
@@ -1113,7 +1112,7 @@
 CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...)
 	TODO: check
 CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-23 
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
 CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
 	{DSA-2094-1}
@@ -1129,7 +1128,7 @@
 	[lenny] - sudo <not-affected> (Only affects 1.7.x)
 	NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
 CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-23
 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...)
 	- linux-2.6 2.6.32-22
 CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux ...)
@@ -2419,7 +2418,7 @@
 CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-19 
 CVE-2010-2491 [roundup XSS]
 	RESERVED
 	- roundup 1.4.13-3.1 (bug #590769)
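Review bot: CVE-2010-2492 is marked fixed in 2.6.32-19, while every other linux-2.6 entry updated in this commit is marked 2.6.32-23. If the fix really landed in the earlier upload and the entry is only being caught up now, that is fine, but the log message gives no detail, so it is worth confirming the version against the package changelog before this lands.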



