[kernel-sec-discuss] r2360 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jun 20 08:49:49 UTC 2011
Author: jmm
Date: 2011-06-20 08:49:48 +0000 (Mon, 20 Jun 2011)
New Revision: 2360
Added:
retired/CVE-2010-2524
retired/CVE-2010-3875
retired/CVE-2010-4655
Removed:
active/CVE-2010-2524
active/CVE-2010-3875
active/CVE-2010-4655
Log:
retire issues
Deleted: active/CVE-2010-2524
===================================================================
--- active/CVE-2010-2524 2011-06-20 08:49:23 UTC (rev 2359)
+++ active/CVE-2010-2524 2011-06-20 08:49:48 UTC (rev 2360)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-2524
-Description:
- MS-DFS referrals
-References:
- https://bugzilla.redhat.com/CVE-2010-2524
-Notes:
-Bugs:
-upstream: released (2.6.35) [4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7]
-2.6.32-upstream-stable: released (2.6.32.17) [4ff7ffd]
-sid: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny3) [bugfix/all/security-keys-new-key-flag-for-add_key-from-userspace.patch, bugfix/all/fs-cifs-reject-dns-upcall-add_key-req-from-userspace.patch]
-2.6.32-squeeze-security: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
Deleted: active/CVE-2010-3875
===================================================================
--- active/CVE-2010-3875 2011-06-20 08:49:23 UTC (rev 2359)
+++ active/CVE-2010-3875 2011-06-20 08:49:48 UTC (rev 2360)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-3875
-Description: ax25 stack disclosure
-References:
- http://marc.info/?l=linux-netdev&m=128854507120898&w2=
-Notes:
- jmm> Initial fix was wrong, needs followup commit 5b919f833d9d60588d026ad82d17f17e8872c7a9
-Bugs:
-upstream: released (2.6.37-rc2) [fe10ae5, 5b919f833d9d60588d026ad82d17f17e8872c7a9]
-2.6.32-upstream-stable: released (2.6.32.39)
-sid: released (2.6.38-1)
-2.6.26-lenny-security: released (2.6.26-26lenny3) [bugfix/all/net-ax25-fix-information-leak-to-userland.patch, bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch]
-2.6.32-squeeze-security: released (2.6.32-34)
Deleted: active/CVE-2010-4655
===================================================================
--- active/CVE-2010-4655 2011-06-20 08:49:23 UTC (rev 2359)
+++ active/CVE-2010-4655 2011-06-20 08:49:48 UTC (rev 2360)
@@ -1,13 +0,0 @@
-Candidate: CVE-2010-4655
-Description: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
-References:
- http://www.openwall.com/lists/oss-security/2011/01/25/4
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b00916b189d13a615ff05c9242201135992fcda3
- http://marc.info/?l=linux-kernel&m=129593098003553&w=2 -> b7c7d01aaed1f71d9afe815a569f0a81465a1744
-Notes:
-Bugs:
-upstream: released (2.6.37) [b00916b189d13a615ff05c9242201135992fcda3]
-2.6.32-upstream-stable: released (2.6.32.25)
-sid: released (2.6.37-1)
-2.6.26-lenny-security: released (2.6.26-26lenny3) [bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch]
-2.6.32-squeeze-security: released (2.6.32-27)
Copied: retired/CVE-2010-2524 (from rev 2359, active/CVE-2010-2524)
===================================================================
--- retired/CVE-2010-2524 (rev 0)
+++ retired/CVE-2010-2524 2011-06-20 08:49:48 UTC (rev 2360)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-2524
+Description:
+ MS-DFS referrals
+References:
+ https://bugzilla.redhat.com/CVE-2010-2524
+Notes:
+Bugs:
+upstream: released (2.6.35) [4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7]
+2.6.32-upstream-stable: released (2.6.32.17) [4ff7ffd]
+sid: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny3) [bugfix/all/security-keys-new-key-flag-for-add_key-from-userspace.patch, bugfix/all/fs-cifs-reject-dns-upcall-add_key-req-from-userspace.patch]
+2.6.32-squeeze-security: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
Property changes on: retired/CVE-2010-2524
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2010-3875 (from rev 2359, active/CVE-2010-3875)
===================================================================
--- retired/CVE-2010-3875 (rev 0)
+++ retired/CVE-2010-3875 2011-06-20 08:49:48 UTC (rev 2360)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-3875
+Description: ax25 stack disclosure
+References:
+ http://marc.info/?l=linux-netdev&m=128854507120898&w2=
+Notes:
+ jmm> Initial fix was wrong, needs followup commit 5b919f833d9d60588d026ad82d17f17e8872c7a9
+Bugs:
+upstream: released (2.6.37-rc2) [fe10ae5, 5b919f833d9d60588d026ad82d17f17e8872c7a9]
+2.6.32-upstream-stable: released (2.6.32.39)
+sid: released (2.6.38-1)
+2.6.26-lenny-security: released (2.6.26-26lenny3) [bugfix/all/net-ax25-fix-information-leak-to-userland.patch, bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch]
+2.6.32-squeeze-security: released (2.6.32-34)
Copied: retired/CVE-2010-4655 (from rev 2359, active/CVE-2010-4655)
===================================================================
--- retired/CVE-2010-4655 (rev 0)
+++ retired/CVE-2010-4655 2011-06-20 08:49:48 UTC (rev 2360)
@@ -0,0 +1,13 @@
+Candidate: CVE-2010-4655
+Description: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
+References:
+ http://www.openwall.com/lists/oss-security/2011/01/25/4
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b00916b189d13a615ff05c9242201135992fcda3
+ http://marc.info/?l=linux-kernel&m=129593098003553&w=2 -> b7c7d01aaed1f71d9afe815a569f0a81465a1744
+Notes:
+Bugs:
+upstream: released (2.6.37) [b00916b189d13a615ff05c9242201135992fcda3]
+2.6.32-upstream-stable: released (2.6.32.25)
+sid: released (2.6.37-1)
+2.6.26-lenny-security: released (2.6.26-26lenny3) [bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch]
+2.6.32-squeeze-security: released (2.6.32-27)
Property changes on: retired/CVE-2010-4655
___________________________________________________________________
Added: svn:mergeinfo
+
More information about the kernel-sec-discuss
mailing list