[Secure-testing-commits] r22102 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Apr 30 12:31:50 UTC 2013
Author: jmm
Date: 2013-04-30 12:31:50 +0000 (Tue, 30 Apr 2013)
New Revision: 22102
Modified:
data/CVE/list
Log:
kernel updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-30 11:49:25 UTC (rev 22101)
+++ data/CVE/list 2013-04-30 12:31:50 UTC (rev 22102)
@@ -69,9 +69,10 @@
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ea702b80e0bbb2448e201472127288beb82ca2fe
CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows ...)
- - linux-2.6 <removed>
- - linux <unfixed>
+ - linux-2.6 <removed> (low)
+ - linux <unfixed> (low)
NOTE: https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
+ NOTE: Not enabled in default kernels
CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...)
NOT-FOR-US: Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
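Review bot: The added "NOTE: Not enabled in default kernels" under CVE-2013-3301 does not say which build option or which kernel packages it refers to, so the "(low)" urgency it justifies cannot be rechecked later from the list alone. Suggest naming the relevant kernel configuration option in the NOTE and stating that it applies to the Debian kernel builds for both linux-2.6 and linux, if that is what is meant.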
@@ -180,22 +181,21 @@
- linux-2.6 <not-affected> (net/caif/caif_socket.c introduced in v2.6.35)
- linux <unfixed>
CVE-2013-3226 (The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux ...)
- - linux-2.6 <undetermined>
- - linux <undetermined>
- NOTE: sco_sock_recvmsg only introduced with v3.8; please double check
- TODO: check
+ - linux-2.6 <not-affected> (Vulnerable code not yet present)
+ - linux <not-affected> (Vulnerable code not yet present)
+ NOTE: sco_sock_recvmsg only introduced with v3.8, bt_sock_recvmsg has its own CVE ID
CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the ...)
- - linux-2.6 <removed>
- - linux <unfixed>
+ - linux-2.6 <removed> (low)
+ - linux <unfixed> (low)
CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the ...)
- - linux-2.6 <removed>
- - linux <unfixed>
+ - linux-2.6 <removed> (low)
+ - linux <unfixed> (low)
CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel ...)
- - linux-2.6 <removed>
- - linux <unfixed>
+ - linux-2.6 <removed> (low)
+ - linux <unfixed> (low)
CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel ...)
- - linux-2.6 <removed>
- - linux <unfixed>
+ - linux-2.6 <removed> (low)
+ - linux <unfixed> (low)
CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...)
- ruby-activerecord-3.2 <unfixed>
- ruby-activerecord-2.3 <unfixed>
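Review bot: In the CVE-2013-3226 entry, "- linux <not-affected> (Vulnerable code not yet present)" holds only while the packaged linux version predates v3.8, which the NOTE names as the release that introduced sco_sock_recvmsg. With the "TODO: check" removed, nothing in the entry prompts a re-check when a newer kernel is packaged; suggest recording the packaged version this was verified against in the NOTE. Separately, the "(low)" urgencies added to CVE-2013-3225, CVE-2013-3224, CVE-2013-3223 and CVE-2013-3222 carry no NOTE with the reasoning, unlike the CVE-2013-3301 entry earlier in this patch.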
@@ -2852,9 +2852,8 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
TODO: check
CVE-2013-2015 (The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel ...)
- - linux <not-affected>
- - linux-2.6 <not-affected>
- TODO: check
+ - linux <unfixed> (low)
+ - linux-2.6 <removed> (low)
CVE-2013-2014
RESERVED
- keystone <unfixed>
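Review bot: The CVE-2013-2015 entry is flipped from "<not-affected>" to "<unfixed> (low)" and "<removed> (low)", and the "TODO: check" is dropped, with no NOTE explaining why the earlier assessment was wrong or pointing at the upstream fix. The other kernel entries touched in this patch carry a git.kernel.org NOTE; suggest adding the equivalent reference here. As a style point, this entry lists linux before linux-2.6, while the other entries in the patch list linux-2.6 first.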