[kernel-sec-discuss] r2497 - active
Dann Frazier
dannf at alioth.debian.org
Sat Sep 17 15:45:22 UTC 2011
Author: dannf
Date: 2011-09-17 15:45:21 +0000 (Sat, 17 Sep 2011)
New Revision: 2497
Modified:
active/CVE-2011-3353
active/CVE-2011-3359
active/CVE-2011-3363
Log:
Mark a few issues N/A for lenny
Modified: active/CVE-2011-3353
===================================================================
--- active/CVE-2011-3353 2011-09-15 14:43:09 UTC (rev 2496)
+++ active/CVE-2011-3353 2011-09-17 15:45:21 UTC (rev 2497)
@@ -8,5 +8,5 @@
upstream:
2.6.32-upstream-stable: released (2.6.32.46) [7b1ef6c0a199bd93899f167f459627dd9421913a]
sid: released (3.0.0-3) [bugfix/all/fuse-check-size-of-fuse_notify_inval_entry-message.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "vulnerable code not present; added in 3b463ae0"
2.6.32-squeeze-security: pending (2.6.32-36) [bugfix/all/stable/2.6.32.46.patch]
Modified: active/CVE-2011-3359
===================================================================
--- active/CVE-2011-3359 2011-09-15 14:43:09 UTC (rev 2496)
+++ active/CVE-2011-3359 2011-09-17 15:45:21 UTC (rev 2497)
@@ -1,4 +1,4 @@
-Description: b43: allocate receive buffers big enough for max frame len + offset
+Description: b43: allocate receive buffers big enough for max frame len + offset
References:
https://bugzilla.redhat.com/show_bug.cgi?id=738202
https://bugzilla.kernel.org/show_bug.cgi?id=32042
@@ -7,5 +7,5 @@
upstream: released (2.6.39) [c85ce65ecac078ab1a1835c87c4a6319cf74660a]
2.6.32-upstream-stable: released (2.6.32.37)
sid: released (2.6.39-1)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: N/A "2.6.26 doesn't look vulnerable; it used a 2404 byte buffer which was later trimmed down to 2352 in 8eccb53f1b. The upstream fix was to bump the 2352 buffer to 2382 - so our 2404 should still be ok"
2.6.32-squeeze-security: released (2.6.32-34)
Modified: active/CVE-2011-3363
===================================================================
--- active/CVE-2011-3363 2011-09-15 14:43:09 UTC (rev 2496)
+++ active/CVE-2011-3363 2011-09-17 15:45:21 UTC (rev 2497)
@@ -6,5 +6,5 @@
upstream: released (2.6.39) [70945643722ffeac779d2529a348f99567fa5c33]
2.6.32-upstream-stable: released (2.6.32.39)
sid: released (2.6.39-1)
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "Remote DFS root support wasn't added until 1bfe73c2"
2.6.32-squeeze-security: released (2.6.32-34)
More information about the kernel-sec-discuss
mailing list