[kernel-sec-discuss] r2896 - active retired

Ben Hutchings benh at alioth.debian.org
Tue Apr 2 03:35:44 UTC 2013


Author: benh
Date: 2013-04-02 03:35:22 +0000 (Tue, 02 Apr 2013)
New Revision: 2896

Added:
   retired/CVE-2013-2546
Removed:
   active/CVE-2013-2546
Log:
Mark CVE-2013-2546 as not affecting 2.6.32/squeeze, and retire

Deleted: active/CVE-2013-2546
===================================================================
--- active/CVE-2013-2546	2013-04-02 01:55:13 UTC (rev 2895)
+++ active/CVE-2013-2546	2013-04-02 03:35:22 UTC (rev 2896)
@@ -1,12 +0,0 @@
-References:
- http://seclists.org/oss-sec/2013/q1/598
-Description: information leak in crypto API
-Notes:
- jmm> This ID is about
- jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
-Bugs:
-upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
-2.6.32-upstream-stable: 
-sid: released (3.2.41-1)
-2.6.32-squeeze-security:
-3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]

Copied: retired/CVE-2013-2546 (from rev 2886, active/CVE-2013-2546)
===================================================================
--- retired/CVE-2013-2546	                        (rev 0)
+++ retired/CVE-2013-2546	2013-04-02 03:35:22 UTC (rev 2896)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926 etc."
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926 etc."
+3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
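Review bot: The note line " jmm> This ID is about" in the Notes block is cut off mid-sentence and is copied unchanged into the retired file. Either complete it or drop it, so the following jmm> line carries the description on its own. On the two 2.6.32 lines, the N/A reason "introduced in 3.2 commit a38f7907b926 etc." names only one commit and leaves the rest behind "etc."; listing the other introducing commits would let a reader re-check the not-affected status against a 2.6.32 tree. The "Bugs:" field is also still empty at retirement. If no Debian bug was filed, that is fine, but it is worth confirming before the entry is closed out.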



