[kernel-sec-discuss] r2896 - active retired
Ben Hutchings
benh at alioth.debian.org
Tue Apr 2 03:35:44 UTC 2013
Author: benh
Date: 2013-04-02 03:35:22 +0000 (Tue, 02 Apr 2013)
New Revision: 2896
Added:
retired/CVE-2013-2546
Removed:
active/CVE-2013-2546
Log:
Mark CVE-2013-2546 as not affecting 2.6.32/squeeze, and retire
Deleted: active/CVE-2013-2546
===================================================================
--- active/CVE-2013-2546 2013-04-02 01:55:13 UTC (rev 2895)
+++ active/CVE-2013-2546 2013-04-02 03:35:22 UTC (rev 2896)
@@ -1,12 +0,0 @@
-References:
- http://seclists.org/oss-sec/2013/q1/598
-Description: information leak in crypto API
-Notes:
- jmm> This ID is about
- jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
-Bugs:
-upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
-2.6.32-upstream-stable:
-sid: released (3.2.41-1)
-2.6.32-squeeze-security:
-3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
Copied: retired/CVE-2013-2546 (from rev 2886, active/CVE-2013-2546)
===================================================================
--- retired/CVE-2013-2546 (rev 0)
+++ retired/CVE-2013-2546 2013-04-02 03:35:22 UTC (rev 2896)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926 etc."
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926 etc."
+3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
More information about the kernel-sec-discuss
mailing list