[kernel-sec-discuss] r3021 - active
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Jul 24 06:24:14 UTC 2013
Author: jmm
Date: 2013-07-24 06:23:51 +0000 (Wed, 24 Jul 2013)
New Revision: 3021
Added:
active/CVE-2013-4163
Modified:
active/CVE-2013-2140
active/CVE-2013-2147
Log:
new ipv6 issue
Modified: active/CVE-2013-2140
===================================================================
--- active/CVE-2013-2140 2013-07-16 10:42:04 UTC (rev 3020)
+++ active/CVE-2013-2140 2013-07-24 06:23:51 UTC (rev 3021)
@@ -3,7 +3,7 @@
http://seclists.org/oss-sec/2013/q2/att-488/0001-xen-blkback-Check-device-permissions-before-allowing.patch
Notes:
Bugs:
-upstream: needed "no fix merged as of 2013-07-15"
+upstream: needed "no fix merged as of 2013-07-19"
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: released (3.10.1-1)
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2013-2147
===================================================================
--- active/CVE-2013-2147 2013-07-16 10:42:04 UTC (rev 3020)
+++ active/CVE-2013-2147 2013-07-24 06:23:51 UTC (rev 3021)
@@ -4,7 +4,7 @@
https://lkml.org/lkml/2013/6/3/127
Notes:
Bugs:
-upstream: needed "no fix merged as of 2013-07-15"
+upstream: needed "no fix merged as of 2013-07-19"
2.6.32-upstream-stable: needed
sid: needed
3.2-wheezy-security: needed
Added: active/CVE-2013-4163
===================================================================
--- active/CVE-2013-4163 (rev 0)
+++ active/CVE-2013-4163 2013-07-24 06:23:51 UTC (rev 3021)
@@ -0,0 +1,12 @@
+Description: net: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu
+References:
+Notes:
+ jmm> This was introduced upstream in 3.5, but 0c1833797a5a6ec23ea9261d979aa18078720b74 was
+ jmm> merged into 3.2.20, so Wheezy and 3.2.x LTS are affected
+Bugs:
+upstream: released (3.11-rc1) [75a493e60ac4bbe2e977e7129d6d8cbb0dd236be]
+2.6.32-upstream-stable: N/A "Introduced with 0c1833797a5a6ec23ea9261d979aa18078720b74"
+sid: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: N/A "Introduced with 0c1833797a5a6ec23ea9261d979aa18078720b74"
+3.2-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list