[kernel-sec-discuss] r2380 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jun 20 10:20:26 UTC 2011 

Author: jmm
Date: 2011-06-20 10:20:26 +0000 (Mon, 20 Jun 2011)
New Revision: 2380

Added:
   retired/CVE-2011-1169
   retired/CVE-2011-1494
   retired/CVE-2011-1495
Removed:
   active/CVE-2011-1169
   active/CVE-2011-1494
   active/CVE-2011-1495
Log:
retire issues


Deleted: active/CVE-2011-1169
===================================================================
--- active/CVE-2011-1169	2011-06-20 10:19:07 UTC (rev 2379)
+++ active/CVE-2011-1169	2011-06-20 10:20:26 UTC (rev 2380)
@@ -1,11 +0,0 @@
-Candidate: CVE-2011-1169
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671
-Notes:
-Bugs:
-upstream: released (2.6.39-rc1)
-2.6.32-upstream-stable: N/A "Driver introduced in 2.6.35"
-sid: released (2.6.38-2)
-2.6.26-lenny-security: N/A "Driver introduced in 2.6.35"
-2.6.32-squeeze-security: N/A "Driver introduced in 2.6.35"

Deleted: active/CVE-2011-1494
===================================================================
--- active/CVE-2011-1494	2011-06-20 10:19:07 UTC (rev 2379)
+++ active/CVE-2011-1494	2011-06-20 10:20:26 UTC (rev 2380)
@@ -1,14 +0,0 @@
-Candidate: CVE-2011-1494
-Description: buffer overflow in mpt2ctl
-References:
- jmm> http://marc.info/?l=linux-scsi&m=130202237006310&w=2
- jmm> The /dev file is owned by root as standard, so shouldn't be an issue
- jmm> for sane installations
- jmm> no upstream fix as of 2011-04-28
-Notes:
-Bugs:
-upstream: released (2.6.39-rc6) [a1f74ae82d133ebb2aabb19d181944b4e83e9960]
-2.6.32-upstream-stable: released (2.6.32.40)
-sid: released (2.6.38-5)
-2.6.26-lenny-security: N/A "code not present"
-2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch]

Deleted: active/CVE-2011-1495
===================================================================
--- active/CVE-2011-1495	2011-06-20 10:19:07 UTC (rev 2379)
+++ active/CVE-2011-1495	2011-06-20 10:20:26 UTC (rev 2380)
@@ -1,14 +0,0 @@
-Candidate: CVE-2011-1495
-Description: information disclosure in mpt2ctl
-References:
- jmm> http://marc.info/?l=linux-scsi&m=130202237006310&w=2
- jmm> The /dev file is owned by root as standard, so shouldn't be an issue
- jmm> for sane installations
- jmm> no upstream fix as of 2011-04-18
-Notes:
-Bugs:
-upstream: released (2.6.39-rc6) [a1f74ae82d133ebb2aabb19d181944b4e83e9960]
-2.6.32-upstream-stable: released (2.6.32.40)
-sid: released (2.6.38-5)
-2.6.26-lenny-security: N/A "code not present"
-2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch]

Copied: retired/CVE-2011-1169 (from rev 2378, active/CVE-2011-1169)
===================================================================
--- retired/CVE-2011-1169	                        (rev 0)
+++ retired/CVE-2011-1169	2011-06-20 10:20:26 UTC (rev 2380)
@@ -0,0 +1,11 @@
+Candidate: CVE-2011-1169
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671
+Notes:
+Bugs:
+upstream: released (2.6.39-rc1)
+2.6.32-upstream-stable: N/A "Driver introduced in 2.6.35"
+sid: released (2.6.38-2)
+2.6.26-lenny-security: N/A "Driver introduced in 2.6.35"
+2.6.32-squeeze-security: N/A "Driver introduced in 2.6.35"


Property changes on: retired/CVE-2011-1169
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-1494 (from rev 2378, active/CVE-2011-1494)
===================================================================
--- retired/CVE-2011-1494	                        (rev 0)
+++ retired/CVE-2011-1494	2011-06-20 10:20:26 UTC (rev 2380)
@@ -0,0 +1,14 @@
+Candidate: CVE-2011-1494
+Description: buffer overflow in mpt2ctl
+References:
+ jmm> http://marc.info/?l=linux-scsi&m=130202237006310&w=2
+ jmm> The /dev file is owned by root as standard, so shouldn't be an issue
+ jmm> for sane installations
+ jmm> no upstream fix as of 2011-04-28
+Notes:
+Bugs:
+upstream: released (2.6.39-rc6) [a1f74ae82d133ebb2aabb19d181944b4e83e9960]
+2.6.32-upstream-stable: released (2.6.32.40)
+sid: released (2.6.38-5)
+2.6.26-lenny-security: N/A "code not present"
+2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch]


Property changes on: retired/CVE-2011-1494
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-1495 (from rev 2378, active/CVE-2011-1495)
===================================================================
--- retired/CVE-2011-1495	                        (rev 0)
+++ retired/CVE-2011-1495	2011-06-20 10:20:26 UTC (rev 2380)
@@ -0,0 +1,14 @@
+Candidate: CVE-2011-1495
+Description: information disclosure in mpt2ctl
+References:
+ jmm> http://marc.info/?l=linux-scsi&m=130202237006310&w=2
+ jmm> The /dev file is owned by root as standard, so shouldn't be an issue
+ jmm> for sane installations
+ jmm> no upstream fix as of 2011-04-18
+Notes:
+Bugs:
+upstream: released (2.6.39-rc6) [a1f74ae82d133ebb2aabb19d181944b4e83e9960]
+2.6.32-upstream-stable: released (2.6.32.40)
+sid: released (2.6.38-5)
+2.6.26-lenny-security: N/A "code not present"
+2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch]


Property changes on: retired/CVE-2011-1495
___________________________________________________________________
Added: svn:mergeinfo
   +

More information about the kernel-sec-discuss mailing list