[Secure-testing-commits] r17782 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Dec 13 10:21:46 UTC 2011


Author: jmm
Date: 2011-12-13 10:21:45 +0000 (Tue, 13 Dec 2011)
New Revision: 17782

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
putty issue just hardening, should be fixed in a point update
rocksndiamonds is contrib, likewise no-dsa
batman-adv has been merged into Linux mainline in 2.6.38
cifs-utils no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-12-13 06:45:55 UTC (rev 17781)
+++ data/CVE/list	2011-12-13 10:21:45 UTC (rev 17782)
@@ -451,16 +451,21 @@
 	RESERVED
 CVE-2011-4607 [http://seclists.org/oss-sec/2011/q4/500]
 	RESERVED
-	- putty 0.62-1
+	- putty 0.62-1 (unimportant)
+	NOTE: Hardening measure, not a vulnerability
 CVE-2011-4606 [http://seclists.org/oss-sec/2011/q4/497]
 	RESERVED
 	- rocksndiamonds <unfixed> (bug #651620)
-	NOTE: contrib
+	[squeeze] - rocksndiamonds <no-dsa> (Contrib not supported)
+	[lenny] - rocksndiamonds <no-dsa> (Contrib not supported)
 CVE-2011-4605
 	RESERVED
 CVE-2011-4604 [http://seclists.org/oss-sec/2011/q4/496]
 	RESERVED
 	- batmand-adv-kernelland <unfixed>
+	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
+	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2011-4603
 	RESERVED
 CVE-2011-4602
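Review bot: the new "- linux-2.6 <unfixed>" line under CVE-2011-4604 has no NOTE explaining why squeeze and lenny are marked <not-affected>; the reason (batman-adv entered mainline in 2.6.38) appears only in the commit log. Add a NOTE line under the entry recording that, so the "Vulnerable code not present" status can be checked against the kernel versions later. The log also writes "batman-adv" while the unchanged package line reads "batmand-adv-kernelland", so the package name is worth confirming.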
@@ -5971,6 +5976,7 @@
 CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs ...)
 	- samba 2:3.4.7~dfsg-2 (low)
 	- cifs-utils 2:5.1-1 (low)
+	[squeeze] - cifs-utils <no-dsa> (Minor issue)
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
 	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
 CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the ...)
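Review bot: the added "[squeeze] - cifs-utils <no-dsa> (Minor issue)" line for CVE-2011-2724 has no [lenny] counterpart, whereas the rocksndiamonds and linux-2.6 entries earlier in this patch annotate both releases. If lenny does not carry cifs-utils as a separate package (the NOTE says it was split off from the samba source package), that is fine; otherwise add the matching lenny line.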
@@ -8820,6 +8826,7 @@
 CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
 	- samba 2:3.4.7~dfsg-2 (low)
 	- cifs-utils 2:5.1-1 (low)
+	[squeeze] - cifs-utils <no-dsa> (Minor issue)
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
 	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
 CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...)
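Review bot: CVE-2011-1678 gets the same squeeze <no-dsa> tag as CVE-2011-2724, but neither data/spu-candidates.txt hunk in this revision adds cifs-utils, while putty and rocksndiamonds are both queued there. If cifs-utils is not already listed in that file, add an entry naming both CVEs so these issues are not lost when the next point update is prepared.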

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-12-13 06:45:55 UTC (rev 17781)
+++ data/spu-candidates.txt	2011-12-13 10:21:45 UTC (rev 17782)
@@ -120,6 +120,11 @@
 
 --
 
+putty (CVE-2011-4607)
+Fixed in 0.62-1
+
+--
+
 prosody (CVE-2011-2531, CVE-2011-2532)
 Fixed in 0.8.1-1
 
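Review bot: the putty block is inserted ahead of prosody, which breaks the alphabetical order the neighbouring entries follow (rocksndiamonds sits before rsyslog in the next hunk); move it after the prosody entry. The entry also gives no reference, so consider adding the oss-sec link already recorded for CVE-2011-4607 in data/CVE/list.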
@@ -147,6 +152,11 @@
 
 --
 
+rocksndiamonds (CVE-2011-4606)
+#651620
+
+--
+
 rsyslog (CVE-2011-1488, CVE-2011-1489, CVE-2011-1490)
 http://marc.info/?l=oss-security&m=130194141413125&w=2
 
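Review bot: the rocksndiamonds entry gives only a bare "#651620", with no "Fixed in" version like the putty and prosody entries, and data/CVE/list in this same revision still shows the package as <unfixed>. Say explicitly that no fixed version exists yet, so whoever prepares the point update knows a patch still has to be identified.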



