r4573 - people/micah
Micah Anderson
micah at costa.debian.org
Fri Oct 21 02:00:36 UTC 2005
Author: micah
Date: 2005-10-21 02:00:36 +0000 (Fri, 21 Oct 2005)
New Revision: 4573
Modified:
people/micah/pending_CVE_requests
Log:
cve assignments have come in, more info to follow
Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests 2005-10-20 23:33:20 UTC (rev 4572)
+++ people/micah/pending_CVE_requests 2005-10-21 02:00:36 UTC (rev 4573)
@@ -1,7 +1,7 @@
1. fs-exec-posix-timers-leak-1.dpatch
STATUS: Submitted
======================================================
-Candidate:
+Candidate: CVE-2005-3271
CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
REFERENCE: http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
A potential local denial of service was discovered in Linux 2.6 prior to 2.6.9.
@@ -12,12 +12,14 @@
2. net-bridge-forwarding-poison-1.dpatch
net-bridge-forwarding-poison-2.dpatch:
STATUS: Submitted
-NOTES:
+NOTES: Mitre said: These 2 URLs appear to be for different issues,
+NOTE: and the first one doesn't seem security-relevant. I've created
+NOTE: a CAN for the latter.
M: the following are pre-requisites: net-bridge-mangle-oops-1.dpatch
M: net-bridge-mangle-oops-2.dpatch
dannf: This patch appears applicable to 2.6.0->2.6.11 (as noted above)
======================================================
-Candidate:
+Candidate: CVE-2005-3272
CONFIRM: URL: http://linux.bkbits.net:8080/linux-2.6/cset@412d2246sXjFQD6OadAB57YWvqR9vQ
CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
Spoofed source addresses on the public facing side of a bridge can
@@ -33,7 +35,7 @@
dannf> CAP_NET_ADMIN is required to use the interface, which makes this issue
dannf> quite minor
======================================================
-Candidate:
+Candidate:CVE-2005-3273
CONFIRM: http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
REFERENCE: http://lkml.org/lkml/2005/5/23/169
The rose_rt_ioctl() function in Linux 2.6 kernels prior to 2.6.12 did not sanity check the
@@ -45,7 +47,7 @@
4. net-ipv4-ipvs-conn_tab-race.dpatch
STATUS: Submitted
======================================================
-Candidate:
+Candidate: CVE-2005-3274
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
REFERENCE:http://lkml.org/lkml/2005/6/23/249
REFERENCE:http://lkml.org/lkml/2005/6/24/173
@@ -66,7 +68,7 @@
dannf> I'm not positive it is; but if it is, this description should do
M> I think its safer to assume it is if we aren't positive, so I'll submit it
======================================================
-Candidate:
+Candidate:CVE-205-3275
CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
A potential memory corruption bug exists in the NAT code in Linux
kernels prior to 2.6.13 and 2.4.32-rc1. The portptr pointing to the
@@ -156,7 +158,7 @@
STATUS: Submitted
NOTES:
======================================================
-Candidate:
+Candidate: CVE-2005-3276
CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
REFERENCE: http://lkml.org/lkml/2005/8/3/36
@@ -167,9 +169,9 @@
14. fs_ext2_ext3_xattr-sharing.dpatch
STATUS: Submitted
-NOTES:
+NOTES: CVE-2005-2801 previously published.
======================================================
-Candidate:
+Candidate: CVE-2005-2801 previously published.
REFERENCE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
REFERENCE: http://www.novell.com/linux/security/advisories/2005_18_kernel.html
REFERENCE: http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
@@ -180,10 +182,10 @@
15. 184_arch-x86_64-ia32-ptrace32-oops.diff
STATUS: Submitted
-NOTES:
+NOTES: CVE-2005-2553
dannf> This is the only one in 2.4.27-10sarge1 I couldn't find a CAN for elsewhere...
======================================================
-Candidate:
+Candidate: CVE-2005-2553
REFERENCE: http://lkml.org/lkml/2005/1/5/245
CONFIRM: http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
Mark Bellon discovered a bug in the ptrace32 code routine on x86_64
More information about the Kernel-svn-changes
mailing list