[Secure-testing-commits] r16828 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jun 21 16:12:40 UTC 2011 

Author: jmm
Date: 2011-06-21 16:12:40 +0000 (Tue, 21 Jun 2011)
New Revision: 16828

Modified:
   data/CVE/list
Log:
- new rampart issue (front desk, please create ticket/file bug)
- one issue was splitt off of CVE-2010-4251 and is now tracked as CVE-2010-4805


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-06-21 16:12:07 UTC (rev 16827)
+++ data/CVE/list	2011-06-21 16:12:40 UTC (rev 16828)
@@ -372,7 +372,7 @@
 CVE-2011-2333
 	RESERVED
 CVE-2011-2329 (The rampart_timestamp_token_validate function in ...)
-	TODO: check
+	- rampart <unfixed> 
 CVE-2011-2327
 	RESERVED
 CVE-2011-2326
@@ -642,7 +642,7 @@
 CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the user ...)
 	TODO: check
 CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel ...)
-	TODO: check
+	- linux-2.6 2.6.34-1
 CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...)
 	TODO: check
 CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, ...)
@@ -4530,8 +4530,8 @@
 CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	[lenny] - sun-java6 <no-dsa> (non-free not supported)
 	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
-	- sun-java6 <undetermined>
-	- openjdk-6 <undetermined>
+	- sun-java6 6.26-1 (bug #629852)
+	- openjdk-6 <undetermined> (bug #629852)
 CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	[lenny] - sun-java6 <no-dsa> (non-free not supported)
 	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
@@ -8207,7 +8207,7 @@
 	- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
 	NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel ...)
-	- linux-2.6 <not-affected> (introduced after 2.6.32; fixed in 2.6.37)
+	- linux-2.6 2.6.35-1
 CVE-2010-4250 [linux inotify memory leak]
 	RESERVED
 	- linux-2.6 2.6.37-1

More information about the Secure-testing-commits mailing list