[Secure-testing-commits] r17172 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Sep 5 19:54:45 UTC 2011 

Author: gilbert-guest
Date: 2011-09-05 19:54:45 +0000 (Mon, 05 Sep 2011)
New Revision: 17172

Modified:
   data/CVE/list
Log:
kernel-sec sync

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-09-05 09:14:19 UTC (rev 17171)
+++ data/CVE/list	2011-09-05 19:54:45 UTC (rev 17172)
@@ -1088,6 +1088,7 @@
 CVE-2011-2898
 	RESERVED
 	- linux-2.6 3.0.0-1
+	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
 CVE-2011-2897
 	RESERVED
 CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...)
@@ -1648,6 +1649,8 @@
 	- libpng 1.2.46-1 (high; bug #633871)
 CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel ...)
 	- linux-2.6 3.0.0-1
+	[squeeze] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
+	[lenny] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
 CVE-2011-2688 (SQL injection vulnerability in mysql/mysql-auth.pl in the ...)
 	{DSA-2279-1}
 	- libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637)
@@ -2152,6 +2155,8 @@
 CVE-2011-2498
 	RESERVED
 	- linux-2.6 2.6.39-1 (low)
+	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
+	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
 CVE-2011-2497 (Integer underflow in the l2cap_config_req function in ...)
 	- linux-2.6 2.6.39-3
 CVE-2011-2496
@@ -2166,6 +2171,8 @@
 CVE-2011-2493
 	RESERVED
 	- linux-2.6 2.6.39-1 (low)
+	[squeeze] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
+	[lenny] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
 CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not ...)
 	- linux-2.6 3.0.0-1 (low)
 CVE-2011-2491
@@ -3011,6 +3018,7 @@
 	RESERVED
 	{DSA-2264-1}
 	- linux-2.6 2.6.39-2
+	[squeeze] - linux-2.6 2.6.32-35
 CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...)
 	- nagios3 3.2.3-3 (bug #629127)
 	[lenny] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
@@ -4115,6 +4123,8 @@
 CVE-2011-1768
 	RESERVED
 	{DSA-2264-1}
+	- linux-2.6 2.6.34-1
+	[squeeze] - linux-2.6 2.6.32-35
 CVE-2011-1767
 	RESERVED
 	{DSA-2264-1 DSA-2240-1}
@@ -4177,7 +4187,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
 	{DSA-2264-1 DSA-2240-1}
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.39-1 
 CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...)
 	- linux-2.6 <unfixed> (low)
 CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) ...)
@@ -4585,6 +4595,7 @@
 CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in ...)
 	{DSA-2264-1}
 	- linux-2.6 2.6.39-3 (low)
+	[squeeze] - linux-2.6 2.6.32-35
 CVE-2011-1576
 	RESERVED
 CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)

More information about the Secure-testing-commits mailing list