Author: jmm-guest
Date: 2005-12-15 09:39:16 +0000 (Thu, 15 Dec 2005)
New Revision: 3048
Modified:
data/CVE/list
data/DSA/list
Log:
*uff*
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-15 09:14:21 UTC (rev 3047)
+++ data/CVE/list 2005-12-15 09:39:16 UTC (rev 3048)
@@ -2766,28 +2766,23 @@
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6
before ...)
- linux-2.6 2.6.12-2
- kernel-source-2.4.27 <not-affected>
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c
in ...)
{DSA-921-1}
- linux-2.6 2.6.13-1 (low)
- kernel-source-2.4.27 2.4.27-11 (low)
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13
and 2.4 ...)
- linux-2.6 2.6.13-1 (low)
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
+ TODO: Check, whether the 2.4 fix was included in the DSA
[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open
Source ...)
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison
the ...)
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers
in ...)
- - linux-2.6 <not-affected> (Fixed before linux-2.6 was introduced)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 <not-affected>
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for
Symantec ...)
NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Unspecified "security exposure" in the HTTP Admin
interface for Sun ...)
@@ -3169,24 +3164,22 @@
CVE-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0
stores passwords ...)
NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in
Linux 2.6, ...)
- - linux-2.6 2.6.12-1
- - kernel-source-2.6.8 2.6.8-16sarge1
- NOTE: 2.4.27 not applicable
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
+ - kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers
to ...)
- - linux-2.6 2.6.12-1
- - kernel-source-2.6.8 2.6.8-16sarge1
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
- kernel-source-2.4.27 <unfixed> (low)
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local
users to ...)
- - linux-2.6 2.6.12-1
- - kernel-source-2.6.8 2.6.8-16sarge1
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
+ - kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another
thread that ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
- - kernel-source-2.6.8 2.6.8-16sarge1 (low)
+ - kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory
mapping ...)
- - kernel-source-2.6.8 2.6.8-16sarge1
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64
Montecito ...)
- - kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
+ - linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
- openldap <unfixed> (bug #253838; low)
TODO: Check, whether openldap2.2 is affected as well
@@ -4258,10 +4251,8 @@
- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel
2.6 ...)
{DSA-921-1}
- - kernel-source-2.6.8 2.6.8-16sarge1 (medium)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: When was this fixed in sid for 2.4?
- NOTE: this was fixed upstream in 2.6.11 (See bug #328395)
- NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
2.6.12 and ...)
- kernel-source-2.4.27 <unfixed> (bug #332228; low)
- kernel-source-2.6.8 <unfixed> (bug #332231; low)
@@ -4271,7 +4262,7 @@
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
before ...)
{DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
- - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+ - linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare
0.9.16.000 ...)
{DSA-798-1}
- phpgroupware 0.9.16.008-1 (unknown)
@@ -5154,9 +5145,9 @@
- kernel-source-2.6.8 2.6.8-16sarge2
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
{DTSA-16-1}
- - kernel-source-2.6.8 <unfixed> (bug #322339; medium)
- - linux-2.6 2.6.12-1 (bug #322339; medium)
- NOTE: 2.4.27 not affected
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ TODO: Check, when this was fixed upstream
+ - kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Buffer overflow in Description parsing]
- bidwatcher <removed> (bug #319489; high)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw
and stops adduser working]
@@ -5228,7 +5219,6 @@
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before
2.6.12.5 ...)
{DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173; medium)
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (medium)
- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Eudora
@@ -8377,24 +8367,20 @@
NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
{DTSA-16-1}
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a
guard ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
- [sarge] - kernel-source-2.6.8 2.6.8-17
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
{DSA-921-1 DTSA-16-1}
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
- [sarge] - kernel-source-2.6.8 2.6.8-17
- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local
users ...)
{DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- [sarge] - kernel-source-2.6.8 2.6.8-17
- kernel-source-2.4.27 <unfixed> (low)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
NOT-FOR-US: sysreport
@@ -11835,12 +11821,11 @@
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
{DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- [sarge] - kernel-source-2.6.8 2.6.8-17
- linux-2.6 <not-affected> (Fixed before upload in archive)
+ TODO: Check, when this was fixed upstream
CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
{DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium)
- [sarge] - kernel-source-2.6.8 2.6.8-17 (medium)
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)
- helix-player 1.0.4-1
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-12-15 09:14:21 UTC (rev 3047)
+++ data/DSA/list 2005-12-15 09:39:16 UTC (rev 3048)
@@ -1,3 +1,7 @@
+[14 Dec 2005] DSA-922-1 kernel-source-2.6.8 - several
+ {CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265 CVE-2005-1761
CVE-2005-1762 CVE-2005-1763 CVE-2005-1765 CVE-2005-1767 CVE-2005-2456
CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872
CVE-2005-3105 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109
CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273 CVE-2005-3274
CVE-2005-3275 CVE-2005-3276}
+ [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
+ NOTE: fixed in testing at time of DSA
[14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several
{CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768
CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801
CVE-2005-2872 CVE-2005-3275}
[sarge] - kernel-source-2.4.27 2.4.27-10sarge1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
