r4573 - people/micah

Micah Anderson micah at costa.debian.org
Fri Oct 21 02:00:36 UTC 2005 

Author: micah
Date: 2005-10-21 02:00:36 +0000 (Fri, 21 Oct 2005)
New Revision: 4573

Modified:
   people/micah/pending_CVE_requests
Log:
cve assignments have come in, more info to follow


Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-20 23:33:20 UTC (rev 4572)
+++ people/micah/pending_CVE_requests	2005-10-21 02:00:36 UTC (rev 4573)
@@ -1,7 +1,7 @@
 1. fs-exec-posix-timers-leak-1.dpatch 
 STATUS: Submitted
 ======================================================
-Candidate:
+Candidate: CVE-2005-3271
 CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
 REFERENCE: http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
 A potential local denial of service was discovered in Linux 2.6 prior to 2.6.9.
@@ -12,12 +12,14 @@
 2. net-bridge-forwarding-poison-1.dpatch  
    net-bridge-forwarding-poison-2.dpatch:
 STATUS: Submitted
-NOTES:
+NOTES: Mitre said: These 2 URLs appear to be for different issues, 
+NOTE: and the first one doesn't seem security-relevant.  I've created 
+NOTE: a CAN for the latter.
 M: the following are pre-requisites: net-bridge-mangle-oops-1.dpatch 
 M: net-bridge-mangle-oops-2.dpatch
 dannf: This patch appears applicable to 2.6.0->2.6.11 (as noted above)
 ======================================================
-Candidate:
+Candidate: CVE-2005-3272
 CONFIRM: URL: http://linux.bkbits.net:8080/linux-2.6/cset@412d2246sXjFQD6OadAB57YWvqR9vQ
 CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
 Spoofed source addresses on the public facing side of a bridge can
@@ -33,7 +35,7 @@
 dannf> CAP_NET_ADMIN is required to use the interface, which makes this issue
 dannf> quite minor
 ======================================================
-Candidate:
+Candidate:CVE-2005-3273
 CONFIRM: http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
 REFERENCE: http://lkml.org/lkml/2005/5/23/169
 The rose_rt_ioctl() function in Linux 2.6 kernels prior to 2.6.12 did not sanity check the
@@ -45,7 +47,7 @@
 4. net-ipv4-ipvs-conn_tab-race.dpatch
 STATUS: Submitted
 ======================================================
-Candidate:
+Candidate: CVE-2005-3274
 CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
 REFERENCE:http://lkml.org/lkml/2005/6/23/249
 REFERENCE:http://lkml.org/lkml/2005/6/24/173
@@ -66,7 +68,7 @@
 dannf> I'm not positive it is; but if it is, this description should do
 M> I think its safer to assume it is if we aren't positive, so I'll submit it
 ======================================================
-Candidate:
+Candidate:CVE-205-3275
 CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
 A potential memory corruption bug exists in the NAT code in Linux
 kernels prior to 2.6.13 and 2.4.32-rc1.  The portptr pointing to the
@@ -156,7 +158,7 @@
 STATUS: Submitted
 NOTES:
 ======================================================
-Candidate:
+Candidate: CVE-2005-3276
 CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
 CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
 REFERENCE: http://lkml.org/lkml/2005/8/3/36
@@ -167,9 +169,9 @@
 
 14. fs_ext2_ext3_xattr-sharing.dpatch
 STATUS: Submitted
-NOTES:
+NOTES: CVE-2005-2801 previously published.
 ======================================================
-Candidate:
+Candidate: CVE-2005-2801 previously published.
 REFERENCE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 REFERENCE: http://www.novell.com/linux/security/advisories/2005_18_kernel.html
 REFERENCE: http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
@@ -180,10 +182,10 @@
 
 15. 184_arch-x86_64-ia32-ptrace32-oops.diff
 STATUS: Submitted
-NOTES:
+NOTES: CVE-2005-2553
 dannf> This is the only one in 2.4.27-10sarge1 I couldn't find a CAN for elsewhere...
 ======================================================
-Candidate:
+Candidate: CVE-2005-2553
 REFERENCE: http://lkml.org/lkml/2005/1/5/245
 CONFIRM: http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
 Mark Bellon discovered a bug in the ptrace32 code routine on x86_64

More information about the Kernel-svn-changes mailing list