[kernel-sec-discuss] r882 - active retired

jmm at alioth.debian.org jmm at alioth.debian.org
Wed Jul 4 07:08:52 UTC 2007 

Author: jmm
Date: 2007-07-04 07:08:52 +0000 (Wed, 04 Jul 2007)
New Revision: 882

Added:
   retired/CVE-2007-2451
Removed:
   active/CVE-2007-2451
Log:
retire CVE-2007-2451


Deleted: active/CVE-2007-2451
===================================================================
--- active/CVE-2007-2451	2007-07-04 07:01:02 UTC (rev 881)
+++ active/CVE-2007-2451	2007-07-04 07:08:52 UTC (rev 882)
@@ -1,21 +0,0 @@
-Candidate: CVE-2007-2451
-References: 
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=761e784673d79c8ea9befdad31e30c65e0d20b82
-Description: 
- Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in
- the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive
- information via unspecified vectors.
-Ubuntu-Description: 
- The GEODE-AES driver did not correctly initialize the encryption key.
- Any data encrypted using this type of device would be easily compromised.
-Notes: 
- jmm> Vulnerable code was introduced after 2.6.19 release
-Bugs: 
-upstream: released (2.6.21.3, 2.6.20.12)
-linux-2.6: released (2.6.21-3)
-2.6.18-etch-security: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.6.15-dapper-security: N/A
-2.6.17-edgy-security: N/A
-2.6.20-feisty-security: released (2.6.20-16.29)

Copied: retired/CVE-2007-2451 (from rev 881, active/CVE-2007-2451)
===================================================================
--- retired/CVE-2007-2451	                        (rev 0)
+++ retired/CVE-2007-2451	2007-07-04 07:08:52 UTC (rev 882)
@@ -0,0 +1,21 @@
+Candidate: CVE-2007-2451
+References: 
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=761e784673d79c8ea9befdad31e30c65e0d20b82
+Description: 
+ Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in
+ the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive
+ information via unspecified vectors.
+Ubuntu-Description: 
+ The GEODE-AES driver did not correctly initialize the encryption key.
+ Any data encrypted using this type of device would be easily compromised.
+Notes: 
+ jmm> Vulnerable code was introduced after 2.6.19 release
+Bugs: 
+upstream: released (2.6.21.3, 2.6.20.12)
+linux-2.6: released (2.6.21-3)
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: N/A
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: released (2.6.20-16.29)

More information about the kernel-sec-discuss mailing list