[kernel-sec-discuss] r2722 - active
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jul 20 13:45:32 UTC 2012
Author: jmm
Date: 2012-07-20 13:45:31 +0000 (Fri, 20 Jul 2012)
New Revision: 2722
Modified:
active/CVE-2011-1747
active/CVE-2012-2119
active/CVE-2012-2137
active/CVE-2012-2372
active/CVE-2012-3364
Log:
multiple updates
Modified: active/CVE-2011-1747
===================================================================
--- active/CVE-2011-1747 2012-07-19 02:56:38 UTC (rev 2721)
+++ active/CVE-2011-1747 2012-07-20 13:45:31 UTC (rev 2722)
@@ -10,6 +10,7 @@
> (faked) process."
References:
Notes:
+ jmm> This can only be triggered by root-equivalent privileges
Bugs:
upstream: needed "no upstream fix as of 2011.08.08"
2.6.32-upstream-stable: needed "no upstream fix as of 2011.06.20"
Modified: active/CVE-2012-2119
===================================================================
--- active/CVE-2012-2119 2012-07-19 02:56:38 UTC (rev 2721)
+++ active/CVE-2012-2119 2012-07-20 13:45:31 UTC (rev 2722)
@@ -4,7 +4,7 @@
Notes:
Bugs:
upstream: released (3.5-rc1) [b92946e2919134ebe2a4083e4302236295ea2a73]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: N/A "zerocopy wasn't added until 3.1-rc1"
sid: released (3.2.20-1)
2.6.32-squeeze-security: N/A "zerocopy wasn't added until 3.1-rc1"
3.2-upstream-stable:
Modified: active/CVE-2012-2137
===================================================================
--- active/CVE-2012-2137 2012-07-19 02:56:38 UTC (rev 2721)
+++ active/CVE-2012-2137 2012-07-20 13:45:31 UTC (rev 2722)
@@ -3,7 +3,7 @@
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2137
Notes:
Bugs:
-upstream:
+upstream: released (3.5-rc2) [f2ebd422f71cda9c791f76f85d2ca102ae34a1ed]
2.6.32-upstream-stable: N/A "code introduced in 2.6.33"
sid: released (3.2.20-1)
2.6.32-squeeze-security: N/A "code introduced in 2.6.33"
Modified: active/CVE-2012-2372
===================================================================
--- active/CVE-2012-2372 2012-07-19 02:56:38 UTC (rev 2721)
+++ active/CVE-2012-2372 2012-07-20 13:45:31 UTC (rev 2722)
@@ -2,6 +2,8 @@
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2372
Notes:
+ jmm> This could be a0c6ffbcfe600606b2d913dded4dc6b37b3bbbfd, but should be
+ jmm> double-checked
Bugs:
upstream:
2.6.32-upstream-stable:
Modified: active/CVE-2012-3364
===================================================================
--- active/CVE-2012-3364 2012-07-19 02:56:38 UTC (rev 2721)
+++ active/CVE-2012-3364 2012-07-20 13:45:31 UTC (rev 2722)
@@ -3,7 +3,7 @@
http://marc.info/?l=linux-kernel&m=134030878917784&w=2
Notes:
Bugs:
-upstream: needed
+upstream: released (3.5-rc5) [67de956ff5dc1d4f321e16cfbd63f5be3b691b43]
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: pending (3.2.23-1)
2.6.32-squeeze-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list