[Secure-testing-commits] r46447 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Nov 22 13:28:17 UTC 2016
Author: carnil
Date: 2016-11-22 13:28:16 +0000 (Tue, 22 Nov 2016)
New Revision: 46447
Modified:
data/CVE/list
Log:
Mark several items for src:linux-2.6 as removed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-22 13:27:27 UTC (rev 46446)
+++ data/CVE/list 2016-11-22 13:28:16 UTC (rev 46447)
@@ -89931,7 +89931,7 @@
- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the ...)
{DSA-2906-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 <removed>
- linux 3.11.6-2
[wheezy] - linux 3.2.53-1
NOTE: upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca
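Review bot: the changed "- linux-2.6 <removed>" line for CVE-2013-4299 carries no fixed version, while the same entry is tagged {DSA-2906-1} and records versions for "- linux" and "[wheezy] - linux". If that DSA fixed linux-2.6, a release-tagged linux-2.6 line with the fixed version would keep the fix visible in this entry rather than only through the DSA cross-reference.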
@@ -92626,7 +92626,7 @@
- linux 3.8.11-1 (low)
CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel ...)
{DSA-2669-1 DSA-2668-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 <removed> (low)
- linux 3.8.11-1 (low)
CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux ...)
- linux-2.6 <not-affected> (net/nfc/llcp/sock.c not present, introduced in 3.3)
@@ -104802,11 +104802,11 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
- linux 3.8-1 (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
- linux 3.8-1 (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...)
- openjdk-6 <removed> (low)
@@ -118685,14 +118685,14 @@
CVE-2011-4917
RESERVED
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4916
RESERVED
CVE-2011-4915
RESERVED
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 ...)
{DSA-2389-1}
@@ -120150,7 +120150,7 @@
CVE-2011-4604 (The bat_socket_read function in net/batman-adv/icmp_socket.c in the ...)
- batmand-adv-kernelland <removed>
[squeeze] - batmand-adv-kernelland <not-affected> (Vulnerable code not present)
- - linux-2.6 <unfixed>
+ - linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...)
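Review bot: CVE-2011-4604 has no "- linux" line, so once the untagged linux-2.6 line goes from <unfixed> to <removed> the entry no longer says whether net/batman-adv/icmp_socket.c is fixed in the successor package. The [squeeze] and [lenny] lines are self-explanatory ("Vulnerable code not present"); add a "- linux" line with its status, or a NOTE pointing at the fix, alongside this change.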
@@ -120848,7 +120848,7 @@
NOTE: incomplete fix for CVE-2011-2482
CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in ...)
{DSA-2443-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 <removed>
CVE-2011-4346 (Cross-site scripting (XSS) vulnerability in the web interface in Red ...)
NOT-FOR-US: Red Hat Satellite
CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when ...)
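Review bot: after this change the only package line under CVE-2011-4347 is "- linux-2.6 <removed>", so the entry states nothing about the current linux source package even though it is tagged {DSA-2443-1}. Add a "- linux" line with a fixed version or <not-affected> so the entry does not read as closed only because the old package went away.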
@@ -121520,7 +121520,7 @@
CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl ...)
{DSA-2443-1 DSA-2389-1}
- libguestfs 1:1.14.8-1
- - linux-2.6 <unfixed>
+ - linux-2.6 <removed>
CVE-2011-4126
RESERVED
CVE-2011-4125
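Review bot: the description of CVE-2011-4127 gives the upstream fix point ("before 3.2.2"), yet the kernel side of the entry is now just "- linux-2.6 <removed>" next to a versioned libguestfs line. Recording a "- linux" line with the first fixed upload would state the kernel status explicitly instead of leaving it to be inferred from the description.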
@@ -121658,7 +121658,7 @@
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the ...)
{DSA-2469-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 <removed> (low)
CVE-2011-4085 (The servlets invoked by httpha-invoker in JBoss Enterprise Application ...)
NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
@@ -128744,7 +128744,7 @@
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.39-1
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: Can only be triggered with root equivalent privs -> non-issue
CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) ...)
{DSA-2264-1 DSA-2240-1}
@@ -129142,7 +129142,7 @@
[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux ...)
{DSA-2240-1}
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: an exploitation requires the ability to run mount.cifs w/ root privs
CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the Media ...)
- dotclear <not-affected> (Fixed before initial upload to archive)
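Review bot: the changed line for CVE-2011-1585 keeps "(unimportant)" while the entry is tagged {DSA-2240-1}, and the NOTE says exploitation requires running mount.cifs with root privileges. Since this line is being touched anyway, confirm that the unimportant severity is still intended for an issue that was included in a DSA, and say so in the NOTE if it is.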
@@ -134047,7 +134047,7 @@
RESERVED
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to ...)
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: http://seclists.org/fulldisclosure/2011/Apr/254
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
NOT-FOR-US: Microsoft Windows
@@ -165900,7 +165900,7 @@
NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...)
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
- linux-2.6.24 <removed> (unimportant)
NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service
NOTE: there is no upstream solution
@@ -185220,7 +185220,7 @@
- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...)
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: This is the existing default behaviour of the scheduler, can be tuned
NOTE: to suit individual needs
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...)
@@ -213462,7 +213462,7 @@
NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
NOTE: resource management systems can be deployed
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
@@ -229617,7 +229617,7 @@
- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
- linux <unfixed> (unimportant)
- - linux-2.6 <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
- linux-2.6.24 <removed> (unimportant)
NOTE: the attack works with a certain non-negligible probability, but even
NOTE: when successful, it only causes a TCP disconnect, which will (in most