[Secure-testing-commits] r18876 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Sun Apr 8 09:12:57 UTC 2012


Author: jmm
Date: 2012-04-08 09:12:54 +0000 (Sun, 08 Apr 2012)
New Revision: 18876

Modified:
   data/CVE/list
Log:
tremulous no-dsa
kernel updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-04-08 08:46:07 UTC (rev 18875)
+++ data/CVE/list	2012-04-08 09:12:54 UTC (rev 18876)
@@ -770,7 +770,7 @@
 CVE-2012-1837 (The (1) webreports, (2) post/create-role, and (3) post/update-role ...)
 	NOT-FOR-US: Tivoli
 CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow ...)
-	- inspircd 2.0.5-0.1
+	- inspircd 2.0.5-0.1 (bug #667914)
 CVE-2012-1835
 	RESERVED
 CVE-2012-1834
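Review bot: The bug reference added to the inspircd line under CVE-2012-1836 is not mentioned in the log message, which lists only "tremulous no-dsa" and "kernel updates". Add a third log line for it, or commit it separately, so the revision history shows when bug #667914 was linked to this CVE.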
@@ -5167,6 +5167,7 @@
 	- openarena 0.8.5-6 (medium; bug #665656)
 	- ioquake3 <not-affected> (fixed before upload)
 	- tremulous 1.1.0-8 (bug #665842)
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2010-5076
 	RESERVED
 CVE-2009-5108
@@ -17144,7 +17145,10 @@
 CVE-2011-1019
 	RESERVED
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.32)
-	- linux-2.6 2.6.38-1
+	- linux-2.6 2.6.38-1 (unimportant)
+	NOTE: We won't fix this for Squeeze. This only applies to non-standard setups with fine
+	NOTE: grained security capability models, and an attacker can only load modules from
+	NOTE: /lib/modules, which is only writable with root privs
 CVE-2011-1018 (logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute ...)
 	{DSA-2182-1}
 	- logwatch 7.3.6.cvs20090906-2 (bug #615995)
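Review bot: The squeeze decision for CVE-2011-1019 exists only as free text in the added NOTE lines ("We won't fix this for Squeeze"). Unlike the [lenny] line just above it and the [squeeze] lines added elsewhere in this patch, no [squeeze] entry records it. If "(unimportant)" on the unfixed-in-squeeze package is meant to carry that decision, say so in the NOTE. Otherwise add an explicit [squeeze] line with the same rationale so that the status does not depend on reading prose. The entry is also still marked RESERVED with no description, so the NOTE is the only place the issue is characterised. It would help to name what "non-standard setups" refers to (which capability is involved) next to the /lib/modules argument.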
@@ -18734,8 +18738,8 @@
 CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...)
 	NOT-FOR-US: Novell Vibe OnPrem
 CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the ...)
-	- linux-2.6 <unfixed>
-	TODO: check
+	- linux-2.6 2.6.39-1
+	[squeeze] - linux-2.6 2.6.32-34
 CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
 	NOT-FOR-US: openSUSE Build Service
 CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...)
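Review bot: The two versions that replace "<unfixed>" and "TODO: check" under CVE-2011-0463 (2.6.39-1 and, for squeeze, 2.6.32-34) are recorded without a source. Add a NOTE naming the upstream commit or changelog entry that fixes ocfs2_prepare_page_for_write so the versions can be verified later. The entry also has no [lenny] line, while the other kernel entry touched in this patch (CVE-2011-1019) has one. With the TODO removed, nothing marks lenny's status as still open, so either record it or keep a TODO for it.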



