[Secure-testing-commits] r25493 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Feb 3 08:19:10 UTC 2014
Author: jmm
Date: 2014-02-03 08:19:10 +0000 (Mon, 03 Feb 2014)
New Revision: 25493
Modified:
data/CVE/list
Log:
x32 issue unimportant
fwsnort oldstable N/A, stable no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-03 07:30:50 UTC (rev 25492)
+++ data/CVE/list 2014-02-03 08:19:10 UTC (rev 25493)
@@ -4528,15 +4528,16 @@
RESERVED
CVE-2014-0039 [configuration file can be loaded from cwd when run as a non-root user]
RESERVED
- - fwsnort <unfixed> (bug #737495)
+ - fwsnort <unfixed> (low; bug #737495)
+ [wheezy] - fwsnort <no-dsa> (Minor issue)
+ [squeeze] - fwsnort <not-affected> (Vulnerable code not present)
NOTE: https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
CVE-2014-0038 [arbitrary write with CONFIG_X86_X32]
RESERVED
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
- linux-2.6 <not-affected> (Introduced in 3.4+)
NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
- NOTE: "unfixed", but Debian does not enable CONFIG_X86_X32
- TODO: double check
+ NOTE: Debian does not enable CONFIG_X86_X32, see #708070
CVE-2014-0037
RESERVED
NOT-FOR-US: Zarafa Collaboration Platform
@@ -68211,7 +68212,7 @@
NOTE: just like CVE-2009-4536 but was reported later
CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...)
{DSA-2053-1}
- - linux-2.6 2.6.32-11 (medium; bug #564110)
+ - linux-2.6 2.6.32-11 (medium; bug #564110; bug #591581)
- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
More information about the Secure-testing-commits
mailing list