[kernel-sec-discuss] r3291 - active retired

Ben Hutchings benh at moszumanska.debian.org
Thu Apr 3 23:55:52 UTC 2014 

Author: benh
Date: 2014-04-03 23:54:49 +0000 (Thu, 03 Apr 2014)
New Revision: 3291

Added:
   retired/CVE-2013-7348
Removed:
   active/CVE-2013-7348
Log:
Retire CVE-2013-7348

Deleted: active/CVE-2013-7348
===================================================================
--- active/CVE-2013-7348	2014-04-03 23:52:31 UTC (rev 3290)
+++ active/CVE-2013-7348	2014-04-03 23:54:49 UTC (rev 3291)
@@ -1,16 +0,0 @@
-Description: aio: prevent double free in ioctx_alloc
-References:
-Notes:
- bwh> So far as I can see, this was introduced by commit e34ecee2ae79
- bwh> "aio: Fix a trinity splat" and fixed by commit d558023207e0, both
- bwh> of which went into 3.13-rc3 and 3.12.4.  So no releases appear to
- bwh> be affected and this CVE is entirely bogus.
- bwh> There was another regression caused by "aio: Fix a trinity splat",
- bwh> fixed by commit 200067a3f3e7 "aio: fix kioctx leak ..."
-Bugs:
-upstream: N/A "vulnerable code not present"
-2.6.32-upstream-stable: N/A "vulnerable code not present"
-sid: N/A "vulnerable code not present"
-3.2-wheezy-security: N/A "vulnerable code not present"
-2.6.32-squeeze-security: N/A "vulnerable code not present"
-3.2-upstream-stable: N/A "vulnerable code not present"

Copied: retired/CVE-2013-7348 (from rev 3290, active/CVE-2013-7348)
===================================================================
--- retired/CVE-2013-7348	                        (rev 0)
+++ retired/CVE-2013-7348	2014-04-03 23:54:49 UTC (rev 3291)
@@ -0,0 +1,16 @@
+Description: aio: prevent double free in ioctx_alloc
+References:
+Notes:
+ bwh> So far as I can see, this was introduced by commit e34ecee2ae79
+ bwh> "aio: Fix a trinity splat" and fixed by commit d558023207e0, both
+ bwh> of which went into 3.13-rc3 and 3.12.4.  So no releases appear to
+ bwh> be affected and this CVE is entirely bogus.
+ bwh> There was another regression caused by "aio: Fix a trinity splat",
+ bwh> fixed by commit 200067a3f3e7 "aio: fix kioctx leak ..."
+Bugs:
+upstream: N/A "vulnerable code not present"
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: N/A "vulnerable code not present"
+3.2-wheezy-security: N/A "vulnerable code not present"
+2.6.32-squeeze-security: N/A "vulnerable code not present"
+3.2-upstream-stable: N/A "vulnerable code not present"

More information about the kernel-sec-discuss mailing list