[kernel-sec-discuss] r3185 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Dec 16 08:00:17 UTC 2013


Author: jmm
Date: 2013-12-16 07:59:13 +0000 (Mon, 16 Dec 2013)
New Revision: 3185

Added:
   retired/CVE-2013-2164
   retired/CVE-2013-2206
   retired/CVE-2013-2232
   retired/CVE-2013-2234
   retired/CVE-2013-2237
   retired/CVE-2013-2852
   retired/CVE-2013-2888
   retired/CVE-2013-2892
Removed:
   active/CVE-2013-2164
   active/CVE-2013-2206
   active/CVE-2013-2232
   active/CVE-2013-2234
   active/CVE-2013-2237
   active/CVE-2013-2852
   active/CVE-2013-2888
   active/CVE-2013-2892
Log:
retire issues (these are submitted for 2.6.32.x, but progress
  is very sluggish, no need to wait)


Deleted: active/CVE-2013-2164
===================================================================
--- active/CVE-2013-2164	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2164	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,12 +0,0 @@
-Description: block information leak 
-References:
- http://www.openwall.com/lists/oss-security/2013/06/06/3
- http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
-Notes:
-Bugs:
-upstream: released (3.11-rc1) [542db01579fbb7ea7d1f7bb9ddcef1559df660b2]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.9.8-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/drivers-cdrom-cdrom.c-use-kzalloc-for-failing-hardwa.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/cdrom-use-kzalloc-for-failing-hw.patch]
-3.2-upstream-stable: released (3.2.49)

Deleted: active/CVE-2013-2206
===================================================================
--- active/CVE-2013-2206	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2206	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,10 +0,0 @@
-Description: sctp: duplicate cookie handling NULL pointer dereference
-References:
-Notes:
-Bugs:
-upstream: released (3.9) [f2815633504b442ca0b0605c16bf3d88a3a0fcea]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.9.4-1)
-3.2-wheezy-security: released (3.2.46-1
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/sctp-duplicate-cookie-handling-null-pointer-deref.patch]
-3.2-upstream-stable: released (3.2.42)

Deleted: active/CVE-2013-2232
===================================================================
--- active/CVE-2013-2232	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2232	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,10 +0,0 @@
-Description: ipv6: ip6_sk_dst_check() must not assume ipv6 dst
-References:
-Notes:
-Bugs:
-upstream: released (3.10) [a963a37d384d71ad43b3e9e79d68d42fbe0901f3]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.10.1-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-ip6_sk_dst_check-must-not-assume-ipv6-dst.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/ipv6-ipv6_sk_dst_check_must-not-assume-ipv6-dst.patch]
-3.2-upstream-stable: released (3.2.50)

Deleted: active/CVE-2013-2234
===================================================================
--- active/CVE-2013-2234	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2234	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,10 +0,0 @@
-Description: af_key: fix info leaks in notify messages
-References:
-Notes:
-Bugs:
-upstream: released (3.10) [a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.10.1-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/af_key-fix-info-leaks-in-notify-messages.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/af_key-fix-info-leaks-in-notify-msgs.patch]
-3.2-upstream-stable: released (3.2.50)

Deleted: active/CVE-2013-2237
===================================================================
--- active/CVE-2013-2237	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2237	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,10 +0,0 @@
-Description: another info leak in af_key
-References:
-Notes:
-Bugs:
-upstream: released (3.9) [85dfb745ee40232876663ae206cba35f24ab2a40]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.9.4-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/af_key-initialize-satype-in-key_notify_policy_flush.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/af_key-initialize-sa_type-in-key_notify_policy_flush.patch]
-3.2-upstream-stable: released (3.2.51)

Deleted: active/CVE-2013-2852
===================================================================
--- active/CVE-2013-2852	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2852	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,10 +0,0 @@
-Description: b43: format string leaking into error msgs
-References:
-Notes:
-Bugs:
-upstream: released (3.10-rc6) [e0e29b683d6784ef59bbc914eac85a04b650e63c]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.9.8-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/b43-stop-format-string-leaking-into-error-msgs.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/b43-stop-formatstring-leak.patch]
-3.2-upstream-stable: released (3.2.47)

Deleted: active/CVE-2013-2888
===================================================================
--- active/CVE-2013-2888	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2888	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,13 +0,0 @@
-Description: HID arbitrary heap write
-References:
- http://marc.info/?l=linux-input&m=137772180514608&w=1
-Notes:
- in addion Kees recommends the followin defensive patch:
- http://marc.info/?t=137772196600012&r=1&w=1
-Bugs:
-upstream: released (3.12-rc1) [43622021d2e2b82ea03d883926605bdd0525e1d1, be67b68d52fa28b9b721c47bb42068f0c1214855]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.10.11-1)
-3.2-wheezy-security: released (3.2.51-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/hid-check-for-null-when-setting-values.patch, bugfix/all/hid-validate-report-id-size.patch]
-3.2-upstream-stable: released (3.2.52)
\ No newline at end of file

Deleted: active/CVE-2013-2892
===================================================================
--- active/CVE-2013-2892	2013-12-16 07:52:59 UTC (rev 3184)
+++ active/CVE-2013-2892	2013-12-16 07:59:13 UTC (rev 3185)
@@ -1,11 +0,0 @@
-Description: pantherlord local DoS through zeroing out too much
-References:
- http://marc.info/?l=linux-input&m=137772185414625&w=1
-Notes:
-Bugs:
-upstream: released (3.12-rc1) [412f30105ec6735224535791eed5cdc02888ecb4]
-2.6.32-upstream-stable: pending (2.6.32.62)
-sid: released (3.10.11-1)
-3.2-wheezy-security: released (3.2.51-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/HID-pantherlord-validate-output-report-details.patch]
-3.2-upstream-stable: released (3.2.52)

Copied: retired/CVE-2013-2164 (from rev 3179, active/CVE-2013-2164)
===================================================================
--- retired/CVE-2013-2164	                        (rev 0)
+++ retired/CVE-2013-2164	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,12 @@
+Description: block information leak 
+References:
+ http://www.openwall.com/lists/oss-security/2013/06/06/3
+ http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
+Notes:
+Bugs:
+upstream: released (3.11-rc1) [542db01579fbb7ea7d1f7bb9ddcef1559df660b2]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.8-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/drivers-cdrom-cdrom.c-use-kzalloc-for-failing-hardwa.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/cdrom-use-kzalloc-for-failing-hw.patch]
+3.2-upstream-stable: released (3.2.49)
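Review bot: The "2.6.32-upstream-stable: pending (2.6.32.62)" line is carried into the retired copy unchanged, so the file reads as retired while one branch is still open. Consider adding a line under "Notes:" saying the issue was retired with the 2.6.32.x submission still outstanding, so the pending state is not mistaken for an oversight later. The same applies to the other seven files in this revision.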


Property changes on: retired/CVE-2013-2164
___________________________________________________________________
Added: svn:mergeinfo
   + 
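Review bot: An empty svn:mergeinfo property is being added to retired/CVE-2013-2164, and to each of the other copied files in this revision. It carries no merge history and only adds property noise to later diffs; consider removing it with svn propdel svn:mergeinfo on the retired files.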

Copied: retired/CVE-2013-2206 (from rev 3179, active/CVE-2013-2206)
===================================================================
--- retired/CVE-2013-2206	                        (rev 0)
+++ retired/CVE-2013-2206	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,10 @@
+Description: sctp: duplicate cookie handling NULL pointer dereference
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [f2815633504b442ca0b0605c16bf3d88a3a0fcea]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.4-1)
+3.2-wheezy-security: released (3.2.46-1
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/sctp-duplicate-cookie-handling-null-pointer-deref.patch]
+3.2-upstream-stable: released (3.2.42)
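Review bot: The "3.2-wheezy-security: released (3.2.46-1" line is cut off: the parenthesis is never closed and, unlike the squeeze line below it, no patch file is listed. Since the retired file is the final record for this issue, confirm the full version string and complete the line rather than copying the truncation over.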


Property changes on: retired/CVE-2013-2206
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2232 (from rev 3179, active/CVE-2013-2232)
===================================================================
--- retired/CVE-2013-2232	                        (rev 0)
+++ retired/CVE-2013-2232	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,10 @@
+Description: ipv6: ip6_sk_dst_check() must not assume ipv6 dst
+References:
+Notes:
+Bugs:
+upstream: released (3.10) [a963a37d384d71ad43b3e9e79d68d42fbe0901f3]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.1-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-ip6_sk_dst_check-must-not-assume-ipv6-dst.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/ipv6-ipv6_sk_dst_check_must-not-assume-ipv6-dst.patch]
+3.2-upstream-stable: released (3.2.50)
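Review bot: The squeeze patch name "ipv6-ipv6_sk_dst_check_must-not-assume-ipv6-dst.patch" spells the function as ipv6_sk_dst_check, while the Description and the wheezy patch name use ip6_sk_dst_check. Worth checking the name against the file in the squeeze patch queue so the reference in the retired record resolves.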


Property changes on: retired/CVE-2013-2232
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2234 (from rev 3179, active/CVE-2013-2234)
===================================================================
--- retired/CVE-2013-2234	                        (rev 0)
+++ retired/CVE-2013-2234	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,10 @@
+Description: af_key: fix info leaks in notify messages
+References:
+Notes:
+Bugs:
+upstream: released (3.10) [a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.1-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/af_key-fix-info-leaks-in-notify-messages.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/af_key-fix-info-leaks-in-notify-msgs.patch]
+3.2-upstream-stable: released (3.2.50)


Property changes on: retired/CVE-2013-2234
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2237 (from rev 3179, active/CVE-2013-2237)
===================================================================
--- retired/CVE-2013-2237	                        (rev 0)
+++ retired/CVE-2013-2237	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,10 @@
+Description: another info leak in af_key
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [85dfb745ee40232876663ae206cba35f24ab2a40]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.4-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/af_key-initialize-satype-in-key_notify_policy_flush.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/af_key-initialize-sa_type-in-key_notify_policy_flush.patch]
+3.2-upstream-stable: released (3.2.51)


Property changes on: retired/CVE-2013-2237
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2852 (from rev 3179, active/CVE-2013-2852)
===================================================================
--- retired/CVE-2013-2852	                        (rev 0)
+++ retired/CVE-2013-2852	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,10 @@
+Description: b43: format string leaking into error msgs
+References:
+Notes:
+Bugs:
+upstream: released (3.10-rc6) [e0e29b683d6784ef59bbc914eac85a04b650e63c]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.8-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/b43-stop-format-string-leaking-into-error-msgs.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/b43-stop-formatstring-leak.patch]
+3.2-upstream-stable: released (3.2.47)


Property changes on: retired/CVE-2013-2852
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2888 (from rev 3179, active/CVE-2013-2888)
===================================================================
--- retired/CVE-2013-2888	                        (rev 0)
+++ retired/CVE-2013-2888	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,13 @@
+Description: HID arbitrary heap write
+References:
+ http://marc.info/?l=linux-input&m=137772180514608&w=1
+Notes:
+ in addion Kees recommends the followin defensive patch:
+ http://marc.info/?t=137772196600012&r=1&w=1
+Bugs:
+upstream: released (3.12-rc1) [43622021d2e2b82ea03d883926605bdd0525e1d1, be67b68d52fa28b9b721c47bb42068f0c1214855]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.11-1)
+3.2-wheezy-security: released (3.2.51-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/hid-check-for-null-when-setting-values.patch, bugfix/all/hid-validate-report-id-size.patch]
+3.2-upstream-stable: released (3.2.52)
\ No newline at end of file
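Review bot: The Notes entry says Kees recommends an additional defensive patch, but none of the status lines records whether that patch was applied to any branch; a short statement of its disposition would make the retired record complete. While touching the file, the typos "addion" and "followin" could be fixed and a trailing newline added, since the file currently ends without one.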


Property changes on: retired/CVE-2013-2888
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2892 (from rev 3179, active/CVE-2013-2892)
===================================================================
--- retired/CVE-2013-2892	                        (rev 0)
+++ retired/CVE-2013-2892	2013-12-16 07:59:13 UTC (rev 3185)
@@ -0,0 +1,11 @@
+Description: pantherlord local DoS through zeroing out too much
+References:
+ http://marc.info/?l=linux-input&m=137772185414625&w=1
+Notes:
+Bugs:
+upstream: released (3.12-rc1) [412f30105ec6735224535791eed5cdc02888ecb4]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.11-1)
+3.2-wheezy-security: released (3.2.51-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/HID-pantherlord-validate-output-report-details.patch]
+3.2-upstream-stable: released (3.2.52)


Property changes on: retired/CVE-2013-2892
___________________________________________________________________
Added: svn:mergeinfo
   + 



