[kernel-sec-discuss] r3290 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Apr 3 23:53:34 UTC 2014


Author: benh
Date: 2014-04-03 23:52:31 +0000 (Thu, 03 Apr 2014)
New Revision: 3290

Modified:
   active/CVE-2013-7348
Log:
Mark CVE-2013-7348 as bogus, not affecting any release ever

Modified: active/CVE-2013-7348
===================================================================
--- active/CVE-2013-7348	2014-04-02 04:29:21 UTC (rev 3289)
+++ active/CVE-2013-7348	2014-04-03 23:52:31 UTC (rev 3290)
@@ -1,10 +1,16 @@
 Description: aio: prevent double free in ioctx_alloc
 References:
 Notes:
+ bwh> So far as I can see, this was introduced by commit e34ecee2ae79
+ bwh> "aio: Fix a trinity splat" and fixed by commit d558023207e0, both
+ bwh> of which went into 3.13-rc3 and 3.12.4.  So no releases appear to
+ bwh> be affected and this CVE is entirely bogus.
+ bwh> There was another regression caused by "aio: Fix a trinity splat",
+ bwh> fixed by commit 200067a3f3e7 "aio: fix kioctx leak ..."
 Bugs:
-upstream: released (3.12) [d558023207e008a4476a3b7bb8706b2a2bf5d84f]
-2.6.32-upstream-stable:
-sid: released (3.12-1)
-3.2-wheezy-security:
-2.6.32-squeeze-security:
-3.2-upstream-stable:
+upstream: N/A "vulnerable code not present"
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: N/A "vulnerable code not present"
+3.2-wheezy-security: N/A "vulnerable code not present"
+2.6.32-squeeze-security: N/A "vulnerable code not present"
+3.2-upstream-stable: N/A "vulnerable code not present"
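
Review bot: The last two added bwh> lines in Notes mention a second regression from "aio: Fix a trinity splat" (fixed by 200067a3f3e7) without saying which releases carried that regression and its fix, so a reader cannot tell whether the kioctx leak reached any release or is tracked elsewhere. Consider giving the versions for 200067a3f3e7 the same way the note does for e34ecee2ae79 and d558023207e0, or stating that the leak is outside the scope of this CVE. The removed "upstream:" line was also the only place the full hash d558023207e008a4476a3b7bb8706b2a2bf5d84f appeared; using the full hash in the note would keep an unambiguous reference to the fix.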



