[kernel-sec-discuss] r1983 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Sep 30 12:08:47 UTC 2010


Author: jmm
Date: 2010-09-30 12:08:32 +0000 (Thu, 30 Sep 2010)
New Revision: 1983

Added:
   retired/CVE-2010-2954
   retired/CVE-2010-3295
   retired/CVE-2010-3298
   retired/CVE-2010-3301
Removed:
   active/CVE-2010-2954
   active/CVE-2010-3295
   active/CVE-2010-3298
   active/CVE-2010-3301
Log:
retire issues


Deleted: active/CVE-2010-2954
===================================================================
--- active/CVE-2010-2954	2010-09-30 12:06:12 UTC (rev 1982)
+++ active/CVE-2010-2954	2010-09-30 12:08:32 UTC (rev 1983)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-2954
-Description:
- irda signal NULL dereference crash
-References:
- http://www.spinics.net/lists/netdev/msg139404.html
-Notes:
-Bugs:
-upstream: released (2.6.36-rc4) [628e300]
-2.6.32-upstream-stable: released (2.6.32.23)
-linux-2.6: released (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
-2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
-2.6.32-squeeze-security: released (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]

Deleted: active/CVE-2010-3295
===================================================================
--- active/CVE-2010-3295	2010-09-30 12:06:12 UTC (rev 1982)
+++ active/CVE-2010-3295	2010-09-30 12:08:32 UTC (rev 1983)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-3295
-Description: drivers/net/tulip/de4x5.c: reading uninitialized stack memory
-References:
- https://bugzilla.redhat.com/633158
-Notes:
- supposedly not an issue: http://www.openwall.com/lists/oss-security/2010/09/15/2
-Bugs:
-upstream: N/A
-2.6.32-upstream-stable: N/A
-linux-2.6: N/A
-2.6.26-lenny-security: N/A
-2.6.32-squeeze-security: N/A

Deleted: active/CVE-2010-3298
===================================================================
--- active/CVE-2010-3298	2010-09-30 12:06:12 UTC (rev 1982)
+++ active/CVE-2010-3298	2010-09-30 12:08:32 UTC (rev 1983)
@@ -1,13 +0,0 @@
-Candidate: cve-2010-3298
-Description: drivers/net/usb/hso.c: reading uninitialized memory
-References:
- https://bugzilla.redhat.com/633140
-Notes:
- jmm> 7011e660938fc44ed86319c18a5954e95a82ab3e
- jmm> 
-Bugs:
-upstream: released (2.6.36-rc5)
-2.6.32-upstream-stable: released (2.6.32.23)
-linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: N/A (Driver introduced in 2.6.27)
-2.6.32-squeeze-security: released (2.6.32-24)

Deleted: active/CVE-2010-3301
===================================================================
--- active/CVE-2010-3301	2010-09-30 12:06:12 UTC (rev 1982)
+++ active/CVE-2010-3301	2010-09-30 12:08:32 UTC (rev 1983)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-3301
-Description:
-References:
- http://sota.gen.nz/compat2/
-Notes:
- poc: http://sota.gen.nz/compat2/robert_you_suck.c
-Bugs:
-upstream: released (2.6.35-rc5) [36d001c, eefdca0]
-2.6.32-upstream-stable: released (2.6.32.22) [x86-64-compat-test-rax-for-the-syscall-number-not-eax.patch, x86-64-compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
-linux-2.6: released (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
-2.6.26-lenny-security: N/A "issue (re-)introduced in 2.6.27 by d4d6715"
-2.6.32-squeeze-security: released (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]

Copied: retired/CVE-2010-2954 (from rev 1982, active/CVE-2010-2954)
===================================================================
--- retired/CVE-2010-2954	                        (rev 0)
+++ retired/CVE-2010-2954	2010-09-30 12:08:32 UTC (rev 1983)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-2954
+Description:
+ irda signal NULL dereference crash
+References:
+ http://www.spinics.net/lists/netdev/msg139404.html
+Notes:
+Bugs:
+upstream: released (2.6.36-rc4) [628e300]
+2.6.32-upstream-stable: released (2.6.32.23)
+linux-2.6: released (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
+2.6.32-squeeze-security: released (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]


Property changes on: retired/CVE-2010-2954
___________________________________________________________________
Added: svn:mergeinfo
   + 
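Review bot: the copy to retired/CVE-2010-2954 adds an svn:mergeinfo property with an empty value, and the same property change appears on the other three retired/ files in this revision. If the tracker does not rely on merge tracking, deleting the property on the copied files before committing (svn propdel svn:mergeinfo) would keep these retire commits limited to the file move itself.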

Copied: retired/CVE-2010-3295 (from rev 1982, active/CVE-2010-3295)
===================================================================
--- retired/CVE-2010-3295	                        (rev 0)
+++ retired/CVE-2010-3295	2010-09-30 12:08:32 UTC (rev 1983)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-3295
+Description: drivers/net/tulip/de4x5.c: reading uninitialized stack memory
+References:
+ https://bugzilla.redhat.com/633158
+Notes:
+ supposedly not an issue: http://www.openwall.com/lists/oss-security/2010/09/15/2
+Bugs:
+upstream: N/A
+2.6.32-upstream-stable: N/A
+linux-2.6: N/A
+2.6.26-lenny-security: N/A
+2.6.32-squeeze-security: N/A
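Review bot: the only justification for marking every branch N/A is the Notes line "supposedly not an issue" plus a link, so the retired entry records a hedged conclusion without the reasoning behind it. Suggest summarising in the Notes, in one sentence, why the read in drivers/net/tulip/de4x5.c is not considered an issue and who made that call, so the entry still explains itself if the oss-security link stops resolving.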


Property changes on: retired/CVE-2010-3295
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-3298 (from rev 1982, active/CVE-2010-3298)
===================================================================
--- retired/CVE-2010-3298	                        (rev 0)
+++ retired/CVE-2010-3298	2010-09-30 12:08:32 UTC (rev 1983)
@@ -0,0 +1,13 @@
+Candidate: cve-2010-3298
+Description: drivers/net/usb/hso.c: reading uninitialized memory
+References:
+ https://bugzilla.redhat.com/633140
+Notes:
+ jmm> 7011e660938fc44ed86319c18a5954e95a82ab3e
+ jmm> 
+Bugs:
+upstream: released (2.6.36-rc5)
+2.6.32-upstream-stable: released (2.6.32.23)
+linux-2.6: released (2.6.32-24)
+2.6.26-lenny-security: N/A (Driver introduced in 2.6.27)
+2.6.32-squeeze-security: released (2.6.32-24)
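Review bot: the Candidate line reads "cve-2010-3298" in lower case, while the other three entries in this revision use upper-case "CVE-"; tools that match on the Candidate field case-sensitively would miss this file, so it is worth normalising before it lands in retired/. The Notes also hold a bare hash (7011e660938fc44ed86319c18a5954e95a82ab3e) with no explanation, followed by an empty "jmm>" line; if that hash is the upstream fix, putting it in brackets on the "upstream: released (2.6.36-rc5)" line, as CVE-2010-2954 and CVE-2010-3301 do, and dropping the empty note would make the entry consistent.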


Property changes on: retired/CVE-2010-3298
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-3301 (from rev 1982, active/CVE-2010-3301)
===================================================================
--- retired/CVE-2010-3301	                        (rev 0)
+++ retired/CVE-2010-3301	2010-09-30 12:08:32 UTC (rev 1983)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-3301
+Description:
+References:
+ http://sota.gen.nz/compat2/
+Notes:
+ poc: http://sota.gen.nz/compat2/robert_you_suck.c
+Bugs:
+upstream: released (2.6.35-rc5) [36d001c, eefdca0]
+2.6.32-upstream-stable: released (2.6.32.22) [x86-64-compat-test-rax-for-the-syscall-number-not-eax.patch, x86-64-compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
+linux-2.6: released (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
+2.6.26-lenny-security: N/A "issue (re-)introduced in 2.6.27 by d4d6715"
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
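Review bot: the Description field is empty in this retired entry, so the only indication of what the issue is comes from the patch file names in the Bugs lines and the external link. Suggest adding a one-line description before retiring; the patch names (compat-test-rax-for-the-syscall-number-not-eax, compat-retruncate-rax-after-ia32-syscall-entry-tracing) point at the x86-64 compat syscall entry path. The lenny line also gives its N/A reason in double quotes, where CVE-2010-3298 uses parentheses for the same purpose; one form across entries would be easier to parse.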


Property changes on: retired/CVE-2010-3301
___________________________________________________________________
Added: svn:mergeinfo
   + 



