[Secure-testing-commits] r15832 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Jan 12 18:14:56 UTC 2011 

Author: jmm
Date: 2011-01-12 18:14:49 +0000 (Wed, 12 Jan 2011)
New Revision: 15832

Modified:
   data/CVE/list
Log:
update glibc fixed
xen fixed
-30 kernel package uploaded


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-11 21:16:08 UTC (rev 15831)
+++ data/CVE/list	2011-01-12 18:14:49 UTC (rev 15832)
@@ -1940,7 +1940,7 @@
 	- linux-2.6 <unfixed>
 CVE-2010-4255 [linux: Xen direct pv guest access crash]
 	RESERVED
-	- xen <unfixed> (bug #609531)
+	- xen 4.0.1-2 (bug #609531)
 CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
 	- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
 CVE-2010-4253
@@ -1955,7 +1955,7 @@
 	RESERVED
 	- linux-2.6 <unfixed>
 CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-30
 CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
 	- linux-2.6 2.6.32-29 
 CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ...)
@@ -1970,7 +1970,7 @@
 	RESERVED
 CVE-2010-4243 [linux: mem allocated invisible to oom_kill() when not attached to any threads]
 	RESERVED
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-30
 CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver ...)
 	- linux-2.6 2.6.32-28 
 CVE-2010-4241
@@ -2923,10 +2923,11 @@
 	- linux-2.6 2.6.32-28
 CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...)
 	{DSA-2122-2 DSA-2122-1}
-	- eglibc 2.11.2-7 (bug #600667)
+	- eglibc 2.11.2-8 (bug #600667)
 	- glibc <removed>
 	[squeeze] - eglibc 2.11.2-6+squeeze1
 	NOTE: http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
+	NOTE: Initial -7 fix was incomplete
 CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...)
 	- cvs <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852

More information about the Secure-testing-commits mailing list