[kernel-sec-discuss] r1979 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Sep 30 07:16:55 UTC 2010 

Author: jmm
Date: 2010-09-30 07:16:53 +0000 (Thu, 30 Sep 2010)
New Revision: 1979

Added:
   retired/CVE-2010-2960
   retired/CVE-2010-3080
   retired/CVE-2010-3081
Removed:
   active/CVE-2010-2960
   active/CVE-2010-3080
   active/CVE-2010-3081
Log:
retire issues


Deleted: active/CVE-2010-2960
===================================================================
--- active/CVE-2010-2960	2010-09-30 07:15:42 UTC (rev 1978)
+++ active/CVE-2010-2960	2010-09-30 07:16:53 UTC (rev 1979)
@@ -1,16 +0,0 @@
-Candidate: CVE-2010-2960
-Description: keyctl_session_to_parent null ptr deref
-References:
-Notes:
- Patches (not in upstream yet):
- https://bugzilla.redhat.com/show_bug.cgi?id=627440#c4
- https://bugzilla.redhat.com/show_bug.cgi?id=627440#c5
- Introduced via upstream commit ee18d64c (v2.6.32-rc1)
- https://bugzilla.redhat.com/CVE-2010-2960
- https://bugzilla.redhat.com/show_bug.cgi?id=627440#c3
-Bugs:
-upstream: released (2.6.36-rc4) [9d1ac65, 3d96406]
-2.6.32-upstream-stable: released (2.6.32.23)
-linux-2.6: released (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]
-2.6.26-lenny-security: N/A
-2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]

Deleted: active/CVE-2010-3080
===================================================================
--- active/CVE-2010-3080	2010-09-30 07:15:42 UTC (rev 1978)
+++ active/CVE-2010-3080	2010-09-30 07:16:53 UTC (rev 1979)
@@ -1,14 +0,0 @@
-Candidate: CVE-2010-3080
-Description:
-References:
- https://bugzilla.redhat.com/CVE-2010-3080
- http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=c598337660c21c0afaa9df5a65bb4a7a0cf15be8
-Notes:
- CONFIG_SND_SEQUENCER_OSS is not set though, so not an issue for prebuilt kernels"
-Bugs:
-upstream: released (2.6.32-rc4) [27f7ad5]
-2.6.32-upstream-stable: released (2.6.32.22) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
-linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: released (2.6.26-25lenny1) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
-2.6.32-squeeze-security: released (2.6.32-24)
-

Deleted: active/CVE-2010-3081
===================================================================
--- active/CVE-2010-3081	2010-09-30 07:15:42 UTC (rev 1978)
+++ active/CVE-2010-3081	2010-09-30 07:16:53 UTC (rev 1979)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-3081
-Description:
-References:
- http://sota.gen.nz/compat1/
-Notes:
- commit c41d68a
-Bugs:
-upstream: released (2.6.36-rc5) 
-2.6.32-upstream-stable: released (2.6.32.22) [compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
-linux-2.6: released (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
-2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch]
-2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]

Copied: retired/CVE-2010-2960 (from rev 1978, active/CVE-2010-2960)
===================================================================
--- retired/CVE-2010-2960	                        (rev 0)
+++ retired/CVE-2010-2960	2010-09-30 07:16:53 UTC (rev 1979)
@@ -0,0 +1,16 @@
+Candidate: CVE-2010-2960
+Description: keyctl_session_to_parent null ptr deref
+References:
+Notes:
+ Patches (not in upstream yet):
+ https://bugzilla.redhat.com/show_bug.cgi?id=627440#c4
+ https://bugzilla.redhat.com/show_bug.cgi?id=627440#c5
+ Introduced via upstream commit ee18d64c (v2.6.32-rc1)
+ https://bugzilla.redhat.com/CVE-2010-2960
+ https://bugzilla.redhat.com/show_bug.cgi?id=627440#c3
+Bugs:
+upstream: released (2.6.36-rc4) [9d1ac65, 3d96406]
+2.6.32-upstream-stable: released (2.6.32.23)
+linux-2.6: released (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]
+2.6.26-lenny-security: N/A
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]


Property changes on: retired/CVE-2010-2960
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-3080 (from rev 1978, active/CVE-2010-3080)
===================================================================
--- retired/CVE-2010-3080	                        (rev 0)
+++ retired/CVE-2010-3080	2010-09-30 07:16:53 UTC (rev 1979)
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-3080
+Description:
+References:
+ https://bugzilla.redhat.com/CVE-2010-3080
+ http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=c598337660c21c0afaa9df5a65bb4a7a0cf15be8
+Notes:
+ CONFIG_SND_SEQUENCER_OSS is not set though, so not an issue for prebuilt kernels"
+Bugs:
+upstream: released (2.6.32-rc4) [27f7ad5]
+2.6.32-upstream-stable: released (2.6.32.22) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
+linux-2.6: released (2.6.32-24)
+2.6.26-lenny-security: released (2.6.26-25lenny1) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
+2.6.32-squeeze-security: released (2.6.32-24)
+


Property changes on: retired/CVE-2010-3080
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-3081 (from rev 1978, active/CVE-2010-3081)
===================================================================
--- retired/CVE-2010-3081	                        (rev 0)
+++ retired/CVE-2010-3081	2010-09-30 07:16:53 UTC (rev 1979)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-3081
+Description:
+References:
+ http://sota.gen.nz/compat1/
+Notes:
+ commit c41d68a
+Bugs:
+upstream: released (2.6.36-rc5) 
+2.6.32-upstream-stable: released (2.6.32.22) [compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
+linux-2.6: released (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch]
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]


Property changes on: retired/CVE-2010-3081
___________________________________________________________________
Added: svn:mergeinfo
   +

More information about the kernel-sec-discuss mailing list