[kernel-sec-discuss] r2962 - active
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu May 16 07:50:46 UTC 2013
Author: jmm
Date: 2013-05-16 07:50:25 +0000 (Thu, 16 May 2013)
New Revision: 2962
Modified:
active/CVE-2013-0160
active/CVE-2013-1929
active/CVE-2013-1979
active/CVE-2013-2015
active/CVE-2013-2094
active/CVE-2013-3076
active/CVE-2013-3222
active/CVE-2013-3223
active/CVE-2013-3224
active/CVE-2013-3225
active/CVE-2013-3227
active/CVE-2013-3228
active/CVE-2013-3229
active/CVE-2013-3231
active/CVE-2013-3234
active/CVE-2013-3235
active/CVE-2013-3301
Log:
record latest wheezy update
Modified: active/CVE-2013-0160
===================================================================
--- active/CVE-2013-0160 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-0160 2013-05-16 07:50:25 UTC (rev 2962)
@@ -2,10 +2,9 @@
References: http://www.openwall.com/lists/oss-security/2013/01/07/5
Notes:
Bugs:
-upstream: pending [b0b885657b6c, b0de59b5733d, 37b7f3c76595]
+upstream: released (3.10-rc1) [b0b885657b6c, b0de59b5733d, 37b7f3c76595]
2.6.32-upstream-stable:
sid: released (3.8.12-1)
-3.2-wheezy-security:
2.6.32-squeeze-security:
3.2-upstream-stable: released (3.2.45) [cd945654552d978b84c0825c7206b2d0667a1272, c29ad805df8c54a9f5d74c66bf5d4a2d449bd99a, 0b28f5865ef23d2bcee122d75b4aea1e2f052624]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/TTY-do-not-update-atime-mtime-on-read-write.patch, bugfix/all/TTY-fix-atime-mtime-regression.patch, bugfix/all/tty-fix-up-atime-mtime-mess-take-three.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/TTY-do-not-update-atime-mtime-on-read-write.patch, bugfix/all/TTY-fix-atime-mtime-regression.patch, bugfix/all/tty-fix-up-atime-mtime-mess-take-three.patch]
Modified: active/CVE-2013-1929
===================================================================
--- active/CVE-2013-1929 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-1929 2013-05-16 07:50:25 UTC (rev 2962)
@@ -7,6 +7,6 @@
upstream: released (3.9-rc6) [715230a44310a8cf66fbfb5a46f9a62a9b2de424]
2.6.32-upstream-stable: N/A "code not present"
sid: released (3.8.11-1)
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [features/all/tg3/0209-tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
3.2-upstream-stable: released (3.2.43) [2b79fa8fddde2d070ca28a2d94394c39bfd8d741]
Modified: active/CVE-2013-1979
===================================================================
--- active/CVE-2013-1979 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-1979 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [83f1b4ba917db5dc5a061a44b3403ddb6e783494]
2.6.32-upstream-stable: N/A "Introduced in 2.6.36 with 257b5358b32f17e0603b6ff57b13610b0e02348f"
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: N/A "Introduced in 2.6.36 with 257b5358b32f17e0603b6ff57b13610b0e02348f"
3.2-upstream-stable: released (3.2.44) [5428146ebea24b916eb9e3684449699cb6a5c8c0]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/net-fix-incorrect-credentials-passing.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/net-fix-incorrect-credentials-passing.patch]
Modified: active/CVE-2013-2015
===================================================================
--- active/CVE-2013-2015 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-2015 2013-05-16 07:50:25 UTC (rev 2962)
@@ -7,6 +7,6 @@
upstream: released (3.8) [0e9a9a1ad619e7e987815d20262d36a2f95717ca]
2.6.32-upstream-stable:
sid: released (3.8-1)
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
3.2-upstream-stable:
Modified: active/CVE-2013-2094
===================================================================
--- active/CVE-2013-2094 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-2094 2013-05-16 07:50:25 UTC (rev 2962)
@@ -1,4 +1,4 @@
-Description:
+Description: perf 0day
References:
http://seclists.org/oss-sec/2013/q2/320
Notes:
@@ -6,6 +6,6 @@
upstream:
2.6.32-upstream-stable:
sid:
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/perf-Treat-attr.config-as-u64-in-perf_swevent_init.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/perf-Treat-attr.config-as-u64-in-perf_swevent_init.patch]
2.6.32-squeeze-security:
3.2-upstream-stable: needed
Modified: active/CVE-2013-3076
===================================================================
--- active/CVE-2013-3076 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3076 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [72a763d805a48ac8c0bf48fdb510e84c12de51fe]
2.6.32-upstream-stable: N/A "algif_hash not yet present"
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: N/A "algif_hash not yet present"
3.2-upstream-stable: released (3.2.45) [419f4ba0f032c8d906153d24e017f4bee6df26f5]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch]
Modified: active/CVE-2013-3222
===================================================================
--- active/CVE-2013-3222 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3222 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,8 +5,7 @@
upstream: released (3.9) [9b3e617f3df53822345a8573b6d358f6b9e5ed87]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
3.2-upstream-stable: released (3.2.45) [2a8c07b253bac436358adb9eb96a37dd223ef120]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
Modified: active/CVE-2013-3223
===================================================================
--- active/CVE-2013-3223 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3223 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [ef3313e84acbf349caecae942ab3ab731471f1a1]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
3.2-upstream-stable: released (3.2.45) [e72f86d5b6602c86efb08443c58086c40228b81b]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
Modified: active/CVE-2013-3224
===================================================================
--- active/CVE-2013-3224 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3224 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [4683f42fde3977bdb4e8a09622788cc8b5313778]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
3.2-upstream-stable: released (3.2.45) [95ee0fb7a014cdf80be37b329fa462ff3847f7c0]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
Modified: active/CVE-2013-3225
===================================================================
--- active/CVE-2013-3225 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3225 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [e11e0455c0d7d3d62276a0c55d9dfbc16779d691]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
3.2-upstream-stable: released (3.2.45) [bbad6f725f1d1b92e5eb3a7c6a8875eeec955747]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
Modified: active/CVE-2013-3227
===================================================================
--- active/CVE-2013-3227 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3227 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [2d6fbfe733f35c6b355c216644e08e149c61b271]
2.6.32-upstream-stable: N/A "CAIF introduced in 2.6.35"
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: N/A "CAIF introduced in 2.6.35"
3.2-upstream-stable: released (3.2.45) [5bf0d2c0fe1a954f937be4ad1b3c63b34e08dc52]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/caif-Fix-missing-msg_namelen-update-in-caif_seqpkt_r.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/caif-Fix-missing-msg_namelen-update-in-caif_seqpkt_r.patch]
Modified: active/CVE-2013-3228
===================================================================
--- active/CVE-2013-3228 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3228 2013-05-16 07:50:25 UTC (rev 2962)
@@ -8,4 +8,4 @@
3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
3.2-upstream-stable: released (3.2.45) [402fb9f974f158d747e6c6944336cd9af7f349b2]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
Modified: active/CVE-2013-3229
===================================================================
--- active/CVE-2013-3229 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3229 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [a5598bd9c087dc0efc250a5221e5d0e6f584ee88]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
3.2-upstream-stable: released (3.2.45) [40c157ba78681c45cc62dabde406b44ca3c76c2b]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
Modified: active/CVE-2013-3231
===================================================================
--- active/CVE-2013-3231 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3231 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [c77a4b9cffb6215a15196ec499490d116dfad181]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
3.2-upstream-stable: released (3.2.45) [d0dd0a3d5d31807eea0d54bd561cf178c45a24ca]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
Modified: active/CVE-2013-3234
===================================================================
--- active/CVE-2013-3234 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3234 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [4a184233f21645cf0b719366210ed445d1024d72]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
3.2-upstream-stable: released (3.2.45) [f05503a9ef115c505b36fcd75f77b341811e9169]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
Modified: active/CVE-2013-3235
===================================================================
--- active/CVE-2013-3235 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3235 2013-05-16 07:50:25 UTC (rev 2962)
@@ -5,7 +5,6 @@
upstream: released (3.9) [60085c3d009b0df252547adb336d1ccca5ce52ec]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch]
3.2-upstream-stable: released (3.2.45) [1ae38900523eaf11a77c73827c096d7e7eade3a4]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch]
Modified: active/CVE-2013-3301
===================================================================
--- active/CVE-2013-3301 2013-05-15 21:41:07 UTC (rev 2961)
+++ active/CVE-2013-3301 2013-05-16 07:50:25 UTC (rev 2962)
@@ -6,7 +6,6 @@
upstream: released (3.9) [6a76f8c0ab19f215af2a3442870eeb5f0e81998d]
2.6.32-upstream-stable:
sid: released (3.8.11-1)
-3.2-wheezy-security:
2.6.32-squeeze-security:
3.2-upstream-stable: released (3.2.44) [ee3c9aabb636fcfc21d53c506362620b55fdd8c6]
-3.2-wheezy-security: pending (3.2.41-2+deb7u1) [bugfix/all/tracing-Fix-possible-NULL-pointer-dereferences.patch]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tracing-Fix-possible-NULL-pointer-dereferences.patch]
More information about the kernel-sec-discuss
mailing list