[kernel-sec-discuss] r2963 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Thu May 16 07:56:02 UTC 2013


Author: jmm
Date: 2013-05-16 07:55:41 +0000 (Thu, 16 May 2013)
New Revision: 2963

Added:
   retired/CVE-2013-1929
   retired/CVE-2013-1979
   retired/CVE-2013-3076
   retired/CVE-2013-3227
Removed:
   active/CVE-2013-1929
   active/CVE-2013-1979
   active/CVE-2013-3076
   active/CVE-2013-3227
Log:
retire


Deleted: active/CVE-2013-1929
===================================================================
--- active/CVE-2013-1929	2013-05-16 07:50:25 UTC (rev 2962)
+++ active/CVE-2013-1929	2013-05-16 07:55:41 UTC (rev 2963)
@@ -1,12 +0,0 @@
-Description:
- tg3: fix length overflow in VPD firmware parsing 
-References:
- http://marc.info/?l=oss-security&m=136520690507676&w=2
-Notes:
-Bugs:
-upstream: released (3.9-rc6) [715230a44310a8cf66fbfb5a46f9a62a9b2de424]
-2.6.32-upstream-stable: N/A "code not present"
-sid: released (3.8.11-1)
-3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze2) [features/all/tg3/0209-tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
-3.2-upstream-stable: released (3.2.43) [2b79fa8fddde2d070ca28a2d94394c39bfd8d741]

Deleted: active/CVE-2013-1979
===================================================================
--- active/CVE-2013-1979	2013-05-16 07:50:25 UTC (rev 2962)
+++ active/CVE-2013-1979	2013-05-16 07:55:41 UTC (rev 2963)
@@ -1,10 +0,0 @@
-Description: net: incorrect SCM_CREDENTIALS passing
-References:
-Notes:
-Bugs:
-upstream: released (3.9) [83f1b4ba917db5dc5a061a44b3403ddb6e783494]
-2.6.32-upstream-stable: N/A "Introduced in 2.6.36 with 257b5358b32f17e0603b6ff57b13610b0e02348f"
-sid: released (3.8.11-1)
-2.6.32-squeeze-security: N/A "Introduced in 2.6.36 with 257b5358b32f17e0603b6ff57b13610b0e02348f"
-3.2-upstream-stable: released (3.2.44) [5428146ebea24b916eb9e3684449699cb6a5c8c0]
-3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/net-fix-incorrect-credentials-passing.patch]

Deleted: active/CVE-2013-3076
===================================================================
--- active/CVE-2013-3076	2013-05-16 07:50:25 UTC (rev 2962)
+++ active/CVE-2013-3076	2013-05-16 07:55:41 UTC (rev 2963)
@@ -1,10 +0,0 @@
-Description: algif_hash info leak
-References:
-Notes:
-Bugs:
-upstream: released (3.9) [72a763d805a48ac8c0bf48fdb510e84c12de51fe]
-2.6.32-upstream-stable: N/A "algif_hash not yet present"
-sid: released (3.8.11-1)
-2.6.32-squeeze-security: N/A "algif_hash not yet present"
-3.2-upstream-stable: released (3.2.45) [419f4ba0f032c8d906153d24e017f4bee6df26f5]
-3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch]

Deleted: active/CVE-2013-3227
===================================================================
--- active/CVE-2013-3227	2013-05-16 07:50:25 UTC (rev 2962)
+++ active/CVE-2013-3227	2013-05-16 07:55:41 UTC (rev 2963)
@@ -1,10 +0,0 @@
-Description: caif info leak
-References:
-Notes:
-Bugs:
-upstream: released (3.9) [2d6fbfe733f35c6b355c216644e08e149c61b271]
-2.6.32-upstream-stable: N/A "CAIF introduced in 2.6.35"
-sid: released (3.8.11-1)
-2.6.32-squeeze-security: N/A "CAIF introduced in 2.6.35"
-3.2-upstream-stable: released (3.2.45) [5bf0d2c0fe1a954f937be4ad1b3c63b34e08dc52]
-3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/caif-Fix-missing-msg_namelen-update-in-caif_seqpkt_r.patch]

Copied: retired/CVE-2013-1929 (from rev 2962, active/CVE-2013-1929)
===================================================================
--- retired/CVE-2013-1929	                        (rev 0)
+++ retired/CVE-2013-1929	2013-05-16 07:55:41 UTC (rev 2963)
@@ -0,0 +1,12 @@
+Description:
+ tg3: fix length overflow in VPD firmware parsing 
+References:
+ http://marc.info/?l=oss-security&m=136520690507676&w=2
+Notes:
+Bugs:
+upstream: released (3.9-rc6) [715230a44310a8cf66fbfb5a46f9a62a9b2de424]
+2.6.32-upstream-stable: N/A "code not present"
+sid: released (3.8.11-1)
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [features/all/tg3/0209-tg3-fix-length-overflow-in-VPD-firmware-parsing.patch]
+3.2-upstream-stable: released (3.2.43) [2b79fa8fddde2d070ca28a2d94394c39bfd8d741]


Property changes on: retired/CVE-2013-1929
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-1979 (from rev 2962, active/CVE-2013-1979)
===================================================================
--- retired/CVE-2013-1979	                        (rev 0)
+++ retired/CVE-2013-1979	2013-05-16 07:55:41 UTC (rev 2963)
@@ -0,0 +1,10 @@
+Description: net: incorrect SCM_CREDENTIALS passing
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [83f1b4ba917db5dc5a061a44b3403ddb6e783494]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.36 with 257b5358b32f17e0603b6ff57b13610b0e02348f"
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: N/A "Introduced in 2.6.36 with 257b5358b32f17e0603b6ff57b13610b0e02348f"
+3.2-upstream-stable: released (3.2.44) [5428146ebea24b916eb9e3684449699cb6a5c8c0]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/net-fix-incorrect-credentials-passing.patch]


Property changes on: retired/CVE-2013-1979
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-3076 (from rev 2962, active/CVE-2013-3076)
===================================================================
--- retired/CVE-2013-3076	                        (rev 0)
+++ retired/CVE-2013-3076	2013-05-16 07:55:41 UTC (rev 2963)
@@ -0,0 +1,10 @@
+Description: algif_hash info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [72a763d805a48ac8c0bf48fdb510e84c12de51fe]
+2.6.32-upstream-stable: N/A "algif_hash not yet present"
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: N/A "algif_hash not yet present"
+3.2-upstream-stable: released (3.2.45) [419f4ba0f032c8d906153d24e017f4bee6df26f5]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch]


Property changes on: retired/CVE-2013-3076
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-3227 (from rev 2962, active/CVE-2013-3227)
===================================================================
--- retired/CVE-2013-3227	                        (rev 0)
+++ retired/CVE-2013-3227	2013-05-16 07:55:41 UTC (rev 2963)
@@ -0,0 +1,10 @@
+Description: caif info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [2d6fbfe733f35c6b355c216644e08e149c61b271]
+2.6.32-upstream-stable: N/A "CAIF introduced in 2.6.35"
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: N/A "CAIF introduced in 2.6.35"
+3.2-upstream-stable: released (3.2.45) [5bf0d2c0fe1a954f937be4ad1b3c63b34e08dc52]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/caif-Fix-missing-msg_namelen-update-in-caif_seqpkt_r.patch]


Property changes on: retired/CVE-2013-3227
___________________________________________________________________
Added: svn:mergeinfo
   + 




More information about the kernel-sec-discuss mailing list