Author: jmm-guest
Date: 2007-06-13 20:32:22 +0000 (Wed, 13 Jun 2007)
New Revision: 6000
Modified:
data/CVE/list
Log:
three new kernel issues
findutils no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-13 15:51:56 UTC (rev 5999)
+++ data/CVE/list 2007-06-13 20:32:22 UTC (rev 6000)
@@ -637,9 +637,9 @@
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before
8.5a6 ...)
NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2)
...)
- TODO: check
+ - linux-2.6 <unfixed> (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the
Linux ...)
- TODO: check
+ - linux-2.6 <unfixed> (medium)
CVE-2007-2874
RESERVED
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when
running as ...)
@@ -1590,9 +1590,11 @@
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels
allows local ...)
NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13,
and ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in
...)
- findutils 4.2.31-1 (low; bug #426862)
+ [sarge] - findutils <no-dsa> (Not vulnerable in default configuration,
minor issue)
+ [etch] - findutils <no-dsa> (Not vulnerable in default configuration,
minor issue)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in
GEODE-AES ...)
- linux-2.6 2.6.21-3
[etch] - linux-2.6 <not-affected> (Vulnerable code not present,
introduced in 2.6.20)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
