author Michael Gilbert <michael.s.gilbert@gmail.com> 2009-05-18 20:10:36 +0000
committer Michael Gilbert <michael.s.gilbert@gmail.com> 2009-05-18 20:10:36 +0000
commit fcf5476568161d360cf436f805d08b0d5c0d407d (patch)
tree 1a9daa6e83feadc1499ed05497452b93e8a8210e /data
parent 5e405fe4e01607f8859347b791f0b4b32bd52889 (diff)
kernel issue triage
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11917 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 17
1 files changed, 11 insertions, 6 deletions
diff --git a/data/CVE/list b/data/CVE/list
index dd24c2ce65..402ea1c79a 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -297,6 +297,9 @@ CVE-2009-1528
RESERVED
CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
- linux-2.6 <unfixed> (high)
+ [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+ NOTE: vulnerability introduced in commit d84f4f99, which has only been included in the kernel since 2.6.29
NOTE: it has been confirmed that an exploit in the wild is making use of this vulnerability
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
NOT-FOR-US: Directadmin
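Review bot: The CVE-2009-1527 entry for unstable stays at "- linux-2.6 <unfixed> (high)" with no bug reference, while the other kernel entries touched in this commit gain one (for example "bug #529342"). Since the existing NOTE records an exploit in the wild, this is the entry where a tracking bug matters most; consider filing one and adding it next to "high". The new NOTE also cites the introducing commit only as the abbreviated "d84f4f99"; the full hash would keep the reference unambiguous, and the same "introduced in 2.6.29" reason is now stated three times (etch line, lenny line, NOTE), so the two parentheticals could simply point to the NOTE.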
@@ -738,8 +741,9 @@ CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf
CVE-2009-1363
RESERVED
CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c ...)
- - linux-2.6 2.6.29-1
+ - linux-2.6 2.6.29-1 (low; bug #529342)
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
+ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
NOT-FOR-US: Seditio CMS
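Review bot: The added "[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)" line copies the older wording, whereas the other hunks in this same commit use "vulnerable code introduced in 2.6.x". Pick one phrasing for all not-affected reasons so the list stays greppable. The "low" urgency added to the "2.6.29-1" line also has no rationale anywhere in the entry; a one-line NOTE explaining why CVE-2009-1360 is rated low would match what the CVE-2007-6514 hunk does.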
@@ -2964,9 +2968,10 @@ CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does n
CVE-2009-0788
RESERVED
CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs ...)
- - linux-2.6 2.6.29-1
+ - linux-2.6 2.6.29-1 (medium; bug #529326)
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
- - linux-2.6.24 <not-affected> (Only affects 2.6.28)
+ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
+ - linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.28)
CVE-2009-0786
RESERVED
CVE-2009-0785
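Review bot: Typo in the added linux-2.6.24 line: "vulnerabile code introduced in 2.6.28" should read "vulnerable", matching the [lenny] line directly above it. Separately, the removed reason "Only affects 2.6.28" and the new "vulnerable code introduced in 2.6.28" are not the same claim: the old text bounds the affected range, the new one only gives its start. The fixed version "2.6.29-1" on the unstable line covers the upper bound, so this is fine, but it is worth confirming that the rewording was intentional.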
@@ -20508,10 +20513,10 @@ CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process .
CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
NOT-FOR-US: xeCMS
CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (low; bug #529318)
NOTE: While labeled as an Apache flaw, this needs to be fixed in smbfs
- NOTE: This is likely already fixed in recent kernels, but we need to pin point
- NOTE: a fixed version
+ NOTE: This is likely already fixed in recent kernels, but we need to pin point a fixed version
+ NOTE: Low urgency since the worst that can happen is exposure of php (or other script) code that was intended to be kept secret from remote http users
CVE-2007-XXXX [venkman preinst symlink dos]
- venkman 0.9.87.2-1 (bug #456520)
[lenny] - venkman <not-affected> (Vulnerable code not present)
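Review bot: The CVE-2007-6514 entry is now "<unfixed> (low; bug #529318)" while the NOTE directly below still says it "is likely already fixed in recent kernels" without naming a version, so the tracker state and the note disagree and the open question is only carried in free text. Record which kernel versions were actually checked, or move the outstanding "pin point a fixed version" work into the referenced bug. The urgency rationale in the last NOTE treats disclosure of script source as the worst case; it should say whether that assessment accounts for secrets embedded in such scripts. Minor: "pin point" should be "pinpoint", and the new rationale line is much longer than the surrounding NOTE lines, which were previously wrapped.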
