[Secure-testing-commits] r16780 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jun 6 15:05:33 UTC 2011


Author: jmm
Date: 2011-06-06 15:05:33 +0000 (Mon, 06 Jun 2011)
New Revision: 16780

Modified:
   data/CVE/list
Log:
new kernel issues
new nfs-utils and glibc issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-06-06 04:49:59 UTC (rev 16779)
+++ data/CVE/list	2011-06-06 15:05:33 UTC (rev 16780)
@@ -1,3 +1,10 @@
+CVE-2011-2184 [race condition in KSM]
+	- linux-2.6 <unfixed>
+	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
+	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
+CVE-2011-2183 [race condition in KSM]
+	- linux-2.6 <unfixed>
+	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2011-XXXX [login: tty hijacking possible in "su" via TIOCSTI ioctl]
 	- shadow <unfixed> (bug #628843)
 	NOTE: CVE requested http://www.openwall.com/lists/oss-security/2011/06/02/3
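Review bot: CVE-2011-2184 and CVE-2011-2183 carry the identical description "race condition in KSM", so the two entries cannot be told apart from the list alone. Give each a distinguishing summary and a NOTE line with the upstream reference, as the neighbouring entries have. CVE-2011-2183 also gets a [lenny] line but no [squeeze] line, while CVE-2011-2184 gets both; confirm the omission is intentional and that squeeze is meant to be tracked as affected by 2183.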
@@ -1139,7 +1146,9 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906
 CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE]
 	RESERVED
-	TODO: check
+	- nfs-utils <unfixed> (low; bug #629420)
+	[squeeze] - nfs-utils <no-dsa> (Minor issue)
+	[lenny] - nfs-utils <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
 	- linux-2.6 <unfixed>
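Review bot: the new [squeeze] and [lenny] lines for CVE-2011-1749 give the reason as "(Minor issue)", while the existing dtc-xen entry later in this file writes "(minor issue)". Pick one casing so that searches over the no-dsa reasons stay consistent.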
@@ -1192,9 +1201,9 @@
 CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment before 6.3 ...)
 	NOT-FOR-US: HP Virtual Server Environment
 CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum
 CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum ...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum
 CVE-2011-1721 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: WebJaxe
 CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x ...)
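Review bot: the description for CVE-2011-1723 is truncated at "vulnerability in ...", so the product name is not visible in the list, and the "NOT-FOR-US: WEC Discussion Forum" tag can only be inferred from CVE-2011-1722 below it. Confirm against the full CVE text that 1723 concerns the same product before dropping the TODO.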
@@ -1344,7 +1353,9 @@
 CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: GrapeCity Data Dynamics Reports
 CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
-	TODO: check
+	- eglibc <unfixed>
+	- glibc <removed>
+	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
 CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
 	TODO: check
 CVE-2011-1657
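Review bot: the CVE-2011-1659 entry adds "- eglibc <unfixed>" with no urgency and no [squeeze] or [lenny] lines, unlike the nfs-utils entry added in this same commit. Add the per-release status once triaged, or keep a TODO so the stable releases are not left without a decision. The adjacent CVE-2011-1658, also a GNU C Library issue, is still "TODO: check" and could be triaged together with it.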
@@ -1720,7 +1731,6 @@
 	- dtc-xen <unfixed> (bug #611680)
 	[squeeze] - dtc-xen <no-dsa> (minor issue)
 	[lenny] - dtc-xen <no-dsa> (minor issue)
-	TODO: request CVE id
 	NOTE: maintainer claims you shouldn't grant access to the SOAP daemon to a user you do not trust.
 CVE-2011-1517
 	RESERVED
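Review bot: the removal of "TODO: request CVE id" from the dtc-xen entry is not covered by the commit log, and the entry's header line lies outside the hunk, so the diff does not show whether an id was assigned or the request was dropped. State the reason in the log or in a NOTE line on the entry.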



