[kernel-sec-discuss] r2897 - active retired

Ben Hutchings benh at alioth.debian.org
Tue Apr 2 03:40:01 UTC 2013


Author: benh
Date: 2013-04-02 03:39:39 +0000 (Tue, 02 Apr 2013)
New Revision: 2897

Added:
   retired/CVE-2013-2547
   retired/CVE-2013-2548
Removed:
   active/CVE-2013-2547
   active/CVE-2013-2548
Log:
Mark CVE-2013-254{7,8} as not affecting 2.6.32/squeeze, and retire

Deleted: active/CVE-2013-2547
===================================================================
--- active/CVE-2013-2547	2013-04-02 03:35:22 UTC (rev 2896)
+++ active/CVE-2013-2547	2013-04-02 03:39:39 UTC (rev 2897)
@@ -1,12 +0,0 @@
-References:
- http://seclists.org/oss-sec/2013/q1/598
-Description: information leak in crypto API
-Notes:
- jmm> This ID is about
- jmm> crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. 
-Bugs:
-upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
-2.6.32-upstream-stable: 
-sid: released (3.2.41-1)
-2.6.32-squeeze-security:
-3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]

Deleted: active/CVE-2013-2548
===================================================================
--- active/CVE-2013-2548	2013-04-02 03:35:22 UTC (rev 2896)
+++ active/CVE-2013-2548	2013-04-02 03:39:39 UTC (rev 2897)
@@ -1,12 +0,0 @@
-References:
- http://seclists.org/oss-sec/2013/q1/598
-Description: information leak in crypto API
-Notes:
- jmm> This ID is about
- jmm> For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME.
-Bugs:
-upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
-2.6.32-upstream-stable: 
-sid: released (3.2.41-1)
-2.6.32-squeeze-security:
-3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
\ No newline at end of file

Copied: retired/CVE-2013-2547 (from rev 2886, active/CVE-2013-2547)
===================================================================
--- retired/CVE-2013-2547	                        (rev 0)
+++ retired/CVE-2013-2547	2013-04-02 03:39:39 UTC (rev 2897)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. 
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926"
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926"
+3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
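Review bot: The Notes line " jmm> This ID is about" is an unfinished sentence, and it is carried into the retired file unchanged, so the closed record never states in its own words what this ID covers. Complete it or drop it now that the entry is being retired. On the following line, "all field" should read "all fields", and the line ends in a trailing space. The two N/A entries do record why 2.6.32 is unaffected, which is the useful part. Consider citing the introducing commit in the same form as the fix on the upstream line (bracketed, full hash) so that both can be searched the same way.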

Copied: retired/CVE-2013-2548 (from rev 2886, active/CVE-2013-2548)
===================================================================
--- retired/CVE-2013-2548	                        (rev 0)
+++ retired/CVE-2013-2548	2013-04-02 03:39:39 UTC (rev 2897)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926"
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926"
+3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
\ No newline at end of file
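Review bot: The retired file still ends without a final newline ("\ No newline at end of file"), as the old active copy did. Add the newline as part of the move so that a later append to the status list does not show a spurious change on the last line. Separately, the Description is word for word the same as in retired/CVE-2013-2547, and both entries point at the same upstream commit and the same patch, so only the Notes tell the two IDs apart. A Description that names the module name over-copy would make this entry identifiable at a glance.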



