[kernel-sec-discuss] r3048 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Aug 29 06:27:21 UTC 2013
Author: jmm
Date: 2013-08-29 06:26:59 +0000 (Thu, 29 Aug 2013)
New Revision: 3048
Added:
retired/CVE-2013-1059
retired/CVE-2013-2148
retired/CVE-2013-4163
Removed:
active/CVE-2013-1059
active/CVE-2013-2148
active/CVE-2013-4163
Log:
retire
Deleted: active/CVE-2013-1059
===================================================================
--- active/CVE-2013-1059 2013-08-29 06:25:41 UTC (rev 3047)
+++ active/CVE-2013-1059 2013-08-29 06:26:59 UTC (rev 3048)
@@ -1,12 +0,0 @@
-Description: libceph: Fix NULL pointer dereference in auth client code
-References:
- https://bugzilla.redhat.com/attachment.cgi?id=767633&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1059
-Notes:
-Bugs:
-upstream: released (3.11-rc1) [2cb33cac622afde897aa02d3dcd9fbba8bae839e]
-2.6.32-upstream-stable: N/A "ceph was introduced in 2.6.34"
-sid: released (3.10.1-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/libceph-Fix-NULL-pointer-dereference-in-auth-client-.patch]
-2.6.32-squeeze-security: N/A "ceph was introduced in 2.6.34"
-3.2-upstream-stable: released (3.2.49)
\ No newline at end of file
Deleted: active/CVE-2013-2148
===================================================================
--- active/CVE-2013-2148 2013-08-29 06:25:41 UTC (rev 3047)
+++ active/CVE-2013-2148 2013-08-29 06:26:59 UTC (rev 3048)
@@ -1,11 +0,0 @@
-Description: stack info leak in fanotify
-References:
- https://lkml.org/lkml/2013/6/3/128
-Notes:
-Bugs:
-upstream: released (3.11-rc1) [de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f]
-2.6.32-upstream-stable: N/A "fanotify introduced in 2.6.36"
-sid: released (3.9.8-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/fanotify-info-leak-in-copy_event_to_user.patch]
-2.6.32-squeeze-security: N/A "fanotify introduced in 2.6.36"
-3.2-upstream-stable: released (3.2.50)
Deleted: active/CVE-2013-4163
===================================================================
--- active/CVE-2013-4163 2013-08-29 06:25:41 UTC (rev 3047)
+++ active/CVE-2013-4163 2013-08-29 06:26:59 UTC (rev 3048)
@@ -1,13 +0,0 @@
-Description: net: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu
-References:
-Notes:
- jmm> This was introduced upstream in 3.5, but 0c1833797a5a6ec23ea9261d979aa18078720b74 was
- jmm> merged into 3.2.20, so Wheezy and 3.2.x LTS are affected
- jmm> Fixed in 3.10.4
-Bugs:
-upstream: released (3.11-rc1) [75a493e60ac4bbe2e977e7129d6d8cbb0dd236be]
-2.6.32-upstream-stable: N/A "Introduced with 0c1833797a5a6ec23ea9261d979aa18078720b74"
-sid: released (3.10.5-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-ip6_append_data_mtu-did-not-care-about-pmtudisc.patch]
-2.6.32-squeeze-security: N/A "Introduced with 0c1833797a5a6ec23ea9261d979aa18078720b74"
-3.2-upstream-stable: released (3.2.50)
Copied: retired/CVE-2013-1059 (from rev 3047, active/CVE-2013-1059)
===================================================================
--- retired/CVE-2013-1059 (rev 0)
+++ retired/CVE-2013-1059 2013-08-29 06:26:59 UTC (rev 3048)
@@ -0,0 +1,12 @@
+Description: libceph: Fix NULL pointer dereference in auth client code
+References:
+ https://bugzilla.redhat.com/attachment.cgi?id=767633&action=diff
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1059
+Notes:
+Bugs:
+upstream: released (3.11-rc1) [2cb33cac622afde897aa02d3dcd9fbba8bae839e]
+2.6.32-upstream-stable: N/A "ceph was introduced in 2.6.34"
+sid: released (3.10.1-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/libceph-Fix-NULL-pointer-dereference-in-auth-client-.patch]
+2.6.32-squeeze-security: N/A "ceph was introduced in 2.6.34"
+3.2-upstream-stable: released (3.2.49)
\ No newline at end of file
Property changes on: retired/CVE-2013-1059
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2013-2148 (from rev 3047, active/CVE-2013-2148)
===================================================================
--- retired/CVE-2013-2148 (rev 0)
+++ retired/CVE-2013-2148 2013-08-29 06:26:59 UTC (rev 3048)
@@ -0,0 +1,11 @@
+Description: stack info leak in fanotify
+References:
+ https://lkml.org/lkml/2013/6/3/128
+Notes:
+Bugs:
+upstream: released (3.11-rc1) [de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f]
+2.6.32-upstream-stable: N/A "fanotify introduced in 2.6.36"
+sid: released (3.9.8-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/fanotify-info-leak-in-copy_event_to_user.patch]
+2.6.32-squeeze-security: N/A "fanotify introduced in 2.6.36"
+3.2-upstream-stable: released (3.2.50)
Property changes on: retired/CVE-2013-2148
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2013-4163 (from rev 3047, active/CVE-2013-4163)
===================================================================
--- retired/CVE-2013-4163 (rev 0)
+++ retired/CVE-2013-4163 2013-08-29 06:26:59 UTC (rev 3048)
@@ -0,0 +1,13 @@
+Description: net: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu
+References:
+Notes:
+ jmm> This was introduced upstream in 3.5, but 0c1833797a5a6ec23ea9261d979aa18078720b74 was
+ jmm> merged into 3.2.20, so Wheezy and 3.2.x LTS are affected
+ jmm> Fixed in 3.10.4
+Bugs:
+upstream: released (3.11-rc1) [75a493e60ac4bbe2e977e7129d6d8cbb0dd236be]
+2.6.32-upstream-stable: N/A "Introduced with 0c1833797a5a6ec23ea9261d979aa18078720b74"
+sid: released (3.10.5-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-ip6_append_data_mtu-did-not-care-about-pmtudisc.patch]
+2.6.32-squeeze-security: N/A "Introduced with 0c1833797a5a6ec23ea9261d979aa18078720b74"
+3.2-upstream-stable: released (3.2.50)
Property changes on: retired/CVE-2013-4163
___________________________________________________________________
Added: svn:mergeinfo
+
More information about the kernel-sec-discuss
mailing list