Author: carnil Date: 2013-10-20 20:31:09 +0000 (Sun, 20 Oct 2013) New Revision: 24083
Modified: data/CVE/list Log: Add fixed version for linux/3.11.5-1 upload to unstable Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-10-20 20:19:24 UTC (rev 24082) +++ data/CVE/list 2013-10-20 20:31:09 UTC (rev 24083) @@ -3922,7 +3922,7 @@ NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...) - linux-2.6 <removed> - - linux <unfixed> + - linux 3.11.5-1 CVE-2013-4386 RESERVED CVE-2013-4385 (Buffer overflow in the "read-string!" procedure in the "extras" unit ...) @@ -4056,7 +4056,7 @@ - gnupg2 2.0.22-1 (low; bug #722724) CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel ...) - linux-2.6 <removed> - - linux <unfixed> + - linux 3.11.5-1 NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2 NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7 CVE-2013-4349 [IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow] @@ -4081,7 +4081,7 @@ NOTE: https://github.com/simplegeo/python-oauth2/issues/129 CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...) - linux-2.6 <removed> - - linux <unfixed> + - linux 3.11.5-1 CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, ...) - xen 4.2-1 - qemu 1.6.0+dfsg-2 (unimportant; bug #725944) @@ -4092,7 +4092,7 @@ NOTE: Xen in Wheezy includes qemu NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel ...) - - linux <unfixed> + - linux 3.11.5-1 [wheezy] - linux <not-affected> (Introduced in 3.8) - linux-2.6 <not-affected> (Introduced in 3.8) CVE-2013-4342 (xinetd does not enforce the user and group configuration directives ...) @@ -7658,21 +7658,21 @@ [wheezy] - linux <not-affected> (driver introduced in 3.7) - linux-2.6 <not-affected> (driver introduced in 3.7) CVE-2013-2897 (Multiple array index errors in drivers/hid/hid-multitouch.c in the ...) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) - linux-2.6 <not-affected> (driver introduced in 2.6.38) CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem ...) - linux 3.10.11-1 (low) [wheezy] - linux 3.2.51-1 - linux-2.6 <not-affected> (Vulnerable feature probing code not present) CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) ...) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) - linux-2.6 <not-affected> (driver introduced in 3.2) CVE-2013-2894 (drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) ...) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) [wheezy] - linux <not-affected> (driver introduced in 3.6) - linux-2.6 <not-affected> (driver introduced in 3.6) CVE-2013-2893 (The Human Interface Device (HID) subsystem in the Linux kernel through ...) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) - linux-2.6 <removed> (low) CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in ...) {DSA-2766-1} @@ -7680,14 +7680,14 @@ [wheezy] - linux 3.2.51-1 - linux-2.6 <removed> (low) CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) ...) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) [wheezy] - linux <not-affected> (steelseries driver introduced in 3.9) - linux-2.6 <not-affected> (steelseries driver introduced in 3.9) CVE-2013-2890 (drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem ...) - linux <not-affected> (buzz driver introduced in 3.11 cycle, only in experimental) - linux-2.6 <not-affected> (buzz driver introduced in 3.11 cycle) CVE-2013-2889 (drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem ...) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) - linux-2.6 <removed> (low) CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human ...) {DSA-2766-1} @@ -9760,7 +9760,7 @@ - linux 3.9.8-1 (low) CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 ...) - linux-2.6 <removed> (low) - - linux <unfixed> (low) + - linux 3.11.5-1 (low) CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before ...) - linux-2.6 <not-affected> (Introduced in 3.1) - linux 3.9.4-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits