[kernel-sec-discuss] r3334 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Apr 29 15:02:58 UTC 2014


Author: jmm
Date: 2014-04-29 15:02:58 +0000 (Tue, 29 Apr 2014)
New Revision: 3334

Added:
   retired/CVE-2013-0343
   retired/CVE-2013-2929
   retired/CVE-2013-4162
   retired/CVE-2013-4299
   retired/CVE-2013-4345
   retired/CVE-2013-4511
   retired/CVE-2013-4512
   retired/CVE-2013-4587
   retired/CVE-2013-6367
   retired/CVE-2013-6378
   retired/CVE-2013-6381
   retired/CVE-2013-6382
   retired/CVE-2013-6383
   retired/CVE-2013-7263
   retired/CVE-2013-7265
   retired/CVE-2013-7339
   retired/CVE-2014-0101
   retired/CVE-2014-1444
   retired/CVE-2014-1445
Removed:
   active/CVE-2013-0343
   active/CVE-2013-2929
   active/CVE-2013-4162
   active/CVE-2013-4299
   active/CVE-2013-4345
   active/CVE-2013-4511
   active/CVE-2013-4512
   active/CVE-2013-4587
   active/CVE-2013-6367
   active/CVE-2013-6378
   active/CVE-2013-6381
   active/CVE-2013-6382
   active/CVE-2013-6383
   active/CVE-2013-7263
   active/CVE-2013-7265
   active/CVE-2013-7339
   active/CVE-2014-0101
   active/CVE-2014-1444
   active/CVE-2014-1445
Log:
retire (no need to wait for 2.6.32.x releases)


Deleted: active/CVE-2013-0343
===================================================================
--- active/CVE-2013-0343	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-0343	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,13 +0,0 @@
-Description: kernel handling of IPv6 temporary addresses
-References:
- http://seclists.org/oss-sec/2012/q4/292
- http://seclists.org/oss-sec/2013/q1/92
- https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=4b08a8f1bd8cb4541c93ec170027b4d0782dab52
-Notes:
-Bugs:
-upstream: released (3.11) [4b08a8f1bd8cb4541c93ec170027b4d0782dab52]
-2.6.32-upstream-stable: pending
-sid: released (3.10.11-1)
-3.2-wheezy-security: released (3.2.51-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-0343-patch]
-3.2-upstream-stable: released (3.2.52)

Deleted: active/CVE-2013-2929
===================================================================
--- active/CVE-2013-2929	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-2929	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: exec/ptrace: fix get_dumpable() incorrect tests
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc1) [d049f74f2dbe71354d43d393ac3a188947811348]
-2.6.32-upstream-stable: pending
-sid: released (3.11.10-1)
-3.2-wheezy-security: released (3.2.53-1) [bugfix/all/exec-ptrace-fix-get_dumpable-incorrect-tests.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/exec-ptrace-fix-get_dumpable-incorrect-tests.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-4162
===================================================================
--- active/CVE-2013-4162	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-4162	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,12 +0,0 @@
-Description: ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data
-References:
-Notes:
- Fixed in 3.10.4
-Bugs:
-upstream: released (3.11-rc1) [8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1]
-2.6.32-upstream-stable: pending
-sid: released (3.10.5-1)
-3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-call-udp_push_pending_frames-when-uncorking-a-s.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4162.patch]
-3.2-upstream-stable: released (3.2.50)
-

Deleted: active/CVE-2013-4299
===================================================================
--- active/CVE-2013-4299	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-4299	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: dm snapshot: fix data corruption
-References:
-Notes:
-Bugs:
-upstream: released (3.12-rc6) [e9c6a182649f4259db704ae15a91ac820e63b0ca]
-2.6.32-upstream-stable: pending
-sid: released (3.11.6-2) [bugfix/all/dm-snapshot-fix-data-corruption.patch]
-3.2-wheezy-security: released (3.2.53-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4299.patch]
-3.2-upstream-stable: released (3.2.53)

Deleted: active/CVE-2013-4345
===================================================================
--- active/CVE-2013-4345	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-4345	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: ansi_cprng: Fix off by one error in non-block size request
-References:
- http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2
-Notes:
-Bugs:
-upstream: released (3.13-rc1) [714b33d15130cbb5ab426456d4e3de842d6c5b8a]
-2.6.32-upstream-stable: pending
-sid: released (3.11.5-1)
-3.2-wheezy-security: released (3.2.53-1) [bugfix/all/crypto-ansi_cprng-Fix-off-by-one-error-in-non-block-.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4345.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-4511
===================================================================
--- active/CVE-2013-4511	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-4511	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: privilege escalation in uio and au1?00 drivers
-References:
-Notes:
- jmm> au1?00 drivers not built in Debian
-Bugs:
-upstream: released (3.12) [7314e613d5ff9f0934f7a0f74ed7973b903315d1]
-2.6.32-upstream-stable: pending
-sid: released (3.11.8-1)
-3.2-wheezy-security: released (3.2.53-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4511.patch]
-3.2-upstream-stable: released (3.2.53)

Deleted: active/CVE-2013-4512
===================================================================
--- active/CVE-2013-4512	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-4512	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: array overwrite in exitcode_proc_write (UML)
-References:
-Notes:
-Bugs:
-upstream: released (3.12) [201f99f170df14ba52ea4c52847779042b7a623b]
-2.6.32-upstream-stable: pending
-sid: released (3.11.8-1)
-3.2-wheezy-security: released (3.2.53-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4512.patch]
-3.2-upstream-stable: released (3.2.53)

Deleted: active/CVE-2013-4587
===================================================================
--- active/CVE-2013-4587	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-4587	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: kvm: rtc_status.dest_map out-of-bounds access
-References:
- http://seclists.org/oss-sec/2013/q4/494
-Notes:
-Bugs:
-upstream: released (3.13-rc4) [338c7dbadd2671189cec7faf64c84d01071b3f96]
-2.6.32-upstream-stable: pending
-sid: released (3.12.6-1)
-3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4587.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-6367
===================================================================
--- active/CVE-2013-6367	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-6367	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: kvm: division by zero in apic_get_tmcct()
-References:
- http://seclists.org/oss-sec/2013/q4/494
-Notes:
-Bugs:
-upstream: released (3.13-rc4) [b963a22e6d1a266a67e9eecc88134713fd54775c]
-2.6.32-upstream-stable: pending
-sid: released (3.12.6-1)
-3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/x86/KVM-Fix-potential-divide-by-0-in-lapic-CVE-2013-.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-6378
===================================================================
--- active/CVE-2013-6378	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-6378	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: libertas: potential oops in debugfs
-References:
-Notes:
- Only triggerable by root
-Bugs:
-upstream: released (3.13-rc1) [a497e47d4aec37aaf8f13509f3ef3d1f6a717d88]
-2.6.32-upstream-stable: pending
-sid: released (3.11.10-1)
-3.2-wheezy-security: released (3.2.53-1) [bugfix/all/libertas-potential-oops-in-debugfs.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6378.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-6381
===================================================================
--- active/CVE-2013-6381	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-6381	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: qeth: avoid buffer overflow in snmp ioctl
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc1) [6fb392b1a63ae36c31f62bc3fc8630b49d602b62]
-2.6.32-upstream-stable: pending
-sid: released (3.11.10-1) [bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch]
-3.2-wheezy-security: released (3.2.53-1) [bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6381.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-6382
===================================================================
--- active/CVE-2013-6382	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-6382	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: underflow bug in xfs_attrlist_by_handle()
-References:
- http://patchwork.xfs.org/patch/6773/
-Notes:
-Bugs:
-upstream: released 3.13-rc3 [31978b5cc66b8ba8a7e8eef60b12395d41b7b890]
-2.6.32-upstream-stable: pending
-sid: released (3.11.10-1) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
-3.2-wheezy-security: released (3.2.53-1) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-6383
===================================================================
--- active/CVE-2013-6383	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-6383	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: aacraid: missing capable() check in compat ioctl
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc1) [f856567b930dfcdbc3323261bf77240ccdde01f5]
-2.6.32-upstream-stable: pending
-sid: released (3.11.8-1)
-3.2-wheezy-security: released (3.2.53-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6383.patch]
-3.2-upstream-stable: released (3.2.53)

Deleted: active/CVE-2013-7263
===================================================================
--- active/CVE-2013-7263	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-7263	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: ipv4,ipv6: uninitialised memory leakage
-References:
-Notes:
- jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
-Bugs:
-upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69, 85fbaa75037d0b6b786ff18658ddf0b4014ce2a4]
-2.6.32-upstream-stable: pending
-sid: released (3.12.4-1)
-3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6405-1.patch, bugfix/all/CVE-2013-6405-2.patch]
-3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a, b38ecb9bbbb42b71833ff4439283f51120a35c1a]

Deleted: active/CVE-2013-7265
===================================================================
--- active/CVE-2013-7265	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-7265	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: phonet: uninitialised memory leakage
-References:
-Notes:
- jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
-Bugs:
-upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69]
-2.6.32-upstream-stable: pending
-sid: released (3.12.4-1)
-3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6405-1.patch]
-3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a]

Deleted: active/CVE-2013-7339
===================================================================
--- active/CVE-2013-7339	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2013-7339	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: rds: prevent dereference of a NULL device
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc4)
-2.6.32-upstream-stable: pending
-sid: released (3.13-1~exp1)
-3.2-wheezy-security: released (3.2.56-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/rds-prevent-dereference-of-a-NULL-device.patch]
-3.2-upstream-stable: released (3.2.55)

Deleted: active/CVE-2014-0101
===================================================================
--- active/CVE-2014-0101	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2014-0101	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,11 +0,0 @@
-Description: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
-References:
- http://patchwork.ozlabs.org/patch/325898/
-Notes:
-Bugs:
-upstream: released (3.14-rc3) [ec0223ec48a90cb605244b45f7c62de856403729]
-2.6.32-upstream-stable: pending
-sid: released (3.13.6-1) [bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch]
-3.2-wheezy-security: released (3.2.56-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch]
-3.2-upstream-stable: released (3.2.56)

Deleted: active/CVE-2014-1444
===================================================================
--- active/CVE-2014-1444	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2014-1444	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: farsync: fix info leak in ioctl
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc1) [96b340406724d87e4621284ebac5e059d67b2194]
-2.6.32-upstream-stable: pending
-sid: released (3.12.6-1)
-3.2-wheezy-security: released (3.2.53)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/farsync-fix-info-leak-in-ioctl.patch]
-3.2-upstream-stable: released (3.2.51-1)

Deleted: active/CVE-2014-1445
===================================================================
--- active/CVE-2014-1445	2014-04-29 14:58:12 UTC (rev 3333)
+++ active/CVE-2014-1445	2014-04-29 15:02:58 UTC (rev 3334)
@@ -1,10 +0,0 @@
-Description: wanxl: fix info leak in ioctl
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc1) [2b13d06c9584b4eb773f1e80bbaedab9a1c344e1]
-2.6.32-upstream-stable: pending
-sid: released (3.12.6-1)
-3.2-wheezy-security: released (3.2.53)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/wanxl-fix-info-leak-in-ioctl.patch]
-3.2-upstream-stable: released (3.2.51-1)

Copied: retired/CVE-2013-0343 (from rev 3333, active/CVE-2013-0343)
===================================================================
--- retired/CVE-2013-0343	                        (rev 0)
+++ retired/CVE-2013-0343	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,13 @@
+Description: kernel handling of IPv6 temporary addresses
+References:
+ http://seclists.org/oss-sec/2012/q4/292
+ http://seclists.org/oss-sec/2013/q1/92
+ https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=4b08a8f1bd8cb4541c93ec170027b4d0782dab52
+Notes:
+Bugs:
+upstream: released (3.11) [4b08a8f1bd8cb4541c93ec170027b4d0782dab52]
+2.6.32-upstream-stable: pending
+sid: released (3.10.11-1)
+3.2-wheezy-security: released (3.2.51-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-0343-patch]
+3.2-upstream-stable: released (3.2.52)
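
Review bot: the patch reference on the 2.6.32-squeeze-security line reads bugfix/all/CVE-2013-0343-patch, with a hyphen where the other entries in this revision end in .patch (for example bugfix/all/CVE-2013-4162.patch). If the file in the squeeze patch series is named CVE-2013-0343.patch, correct the reference before retiring so the record still resolves to the actual patch.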


Property changes on: retired/CVE-2013-0343
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-2929 (from rev 3333, active/CVE-2013-2929)
===================================================================
--- retired/CVE-2013-2929	                        (rev 0)
+++ retired/CVE-2013-2929	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: exec/ptrace: fix get_dumpable() incorrect tests
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc1) [d049f74f2dbe71354d43d393ac3a188947811348]
+2.6.32-upstream-stable: pending
+sid: released (3.11.10-1)
+3.2-wheezy-security: released (3.2.53-1) [bugfix/all/exec-ptrace-fix-get_dumpable-incorrect-tests.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/exec-ptrace-fix-get_dumpable-incorrect-tests.patch]
+3.2-upstream-stable: released (3.2.54)
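
Review bot: the retired copy still carries "2.6.32-upstream-stable: pending", and the same line is present in every file moved by this revision. The log message gives the reason for retiring anyway, but the record does not; a short entry under Notes: explaining that the 2.6.32.x release is not being waited for would keep a later reader from taking the retired issue as still open on that branch.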


Property changes on: retired/CVE-2013-2929
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-4162 (from rev 3333, active/CVE-2013-4162)
===================================================================
--- retired/CVE-2013-4162	                        (rev 0)
+++ retired/CVE-2013-4162	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,12 @@
+Description: ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data
+References:
+Notes:
+ Fixed in 3.10.4
+Bugs:
+upstream: released (3.11-rc1) [8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1]
+2.6.32-upstream-stable: pending
+sid: released (3.10.5-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-call-udp_push_pending_frames-when-uncorking-a-s.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4162.patch]
+3.2-upstream-stable: released (3.2.50)
+


Property changes on: retired/CVE-2013-4162
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-4299 (from rev 3333, active/CVE-2013-4299)
===================================================================
--- retired/CVE-2013-4299	                        (rev 0)
+++ retired/CVE-2013-4299	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: dm snapshot: fix data corruption
+References:
+Notes:
+Bugs:
+upstream: released (3.12-rc6) [e9c6a182649f4259db704ae15a91ac820e63b0ca]
+2.6.32-upstream-stable: pending
+sid: released (3.11.6-2) [bugfix/all/dm-snapshot-fix-data-corruption.patch]
+3.2-wheezy-security: released (3.2.53-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4299.patch]
+3.2-upstream-stable: released (3.2.53)


Property changes on: retired/CVE-2013-4299
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-4345 (from rev 3333, active/CVE-2013-4345)
===================================================================
--- retired/CVE-2013-4345	                        (rev 0)
+++ retired/CVE-2013-4345	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: ansi_cprng: Fix off by one error in non-block size request
+References:
+ http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2
+Notes:
+Bugs:
+upstream: released (3.13-rc1) [714b33d15130cbb5ab426456d4e3de842d6c5b8a]
+2.6.32-upstream-stable: pending
+sid: released (3.11.5-1)
+3.2-wheezy-security: released (3.2.53-1) [bugfix/all/crypto-ansi_cprng-Fix-off-by-one-error-in-non-block-.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4345.patch]
+3.2-upstream-stable: released (3.2.54)


Property changes on: retired/CVE-2013-4345
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-4511 (from rev 3333, active/CVE-2013-4511)
===================================================================
--- retired/CVE-2013-4511	                        (rev 0)
+++ retired/CVE-2013-4511	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: privilege escalation in uio and au1?00 drivers
+References:
+Notes:
+ jmm> au1?00 drivers not built in Debian
+Bugs:
+upstream: released (3.12) [7314e613d5ff9f0934f7a0f74ed7973b903315d1]
+2.6.32-upstream-stable: pending
+sid: released (3.11.8-1)
+3.2-wheezy-security: released (3.2.53-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4511.patch]
+3.2-upstream-stable: released (3.2.53)


Property changes on: retired/CVE-2013-4511
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-4512 (from rev 3333, active/CVE-2013-4512)
===================================================================
--- retired/CVE-2013-4512	                        (rev 0)
+++ retired/CVE-2013-4512	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: array overwrite in exitcode_proc_write (UML)
+References:
+Notes:
+Bugs:
+upstream: released (3.12) [201f99f170df14ba52ea4c52847779042b7a623b]
+2.6.32-upstream-stable: pending
+sid: released (3.11.8-1)
+3.2-wheezy-security: released (3.2.53-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4512.patch]
+3.2-upstream-stable: released (3.2.53)


Property changes on: retired/CVE-2013-4512
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-4587 (from rev 3333, active/CVE-2013-4587)
===================================================================
--- retired/CVE-2013-4587	                        (rev 0)
+++ retired/CVE-2013-4587	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: kvm: rtc_status.dest_map out-of-bounds access
+References:
+ http://seclists.org/oss-sec/2013/q4/494
+Notes:
+Bugs:
+upstream: released (3.13-rc4) [338c7dbadd2671189cec7faf64c84d01071b3f96]
+2.6.32-upstream-stable: pending
+sid: released (3.12.6-1)
+3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-4587.patch]
+3.2-upstream-stable: released (3.2.54)


Property changes on: retired/CVE-2013-4587
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-6367 (from rev 3333, active/CVE-2013-6367)
===================================================================
--- retired/CVE-2013-6367	                        (rev 0)
+++ retired/CVE-2013-6367	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: kvm: division by zero in apic_get_tmcct()
+References:
+ http://seclists.org/oss-sec/2013/q4/494
+Notes:
+Bugs:
+upstream: released (3.13-rc4) [b963a22e6d1a266a67e9eecc88134713fd54775c]
+2.6.32-upstream-stable: pending
+sid: released (3.12.6-1)
+3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/x86/KVM-Fix-potential-divide-by-0-in-lapic-CVE-2013-.patch]
+3.2-upstream-stable: released (3.2.54)


Property changes on: retired/CVE-2013-6367
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-6378 (from rev 3333, active/CVE-2013-6378)
===================================================================
--- retired/CVE-2013-6378	                        (rev 0)
+++ retired/CVE-2013-6378	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: libertas: potential oops in debugfs
+References:
+Notes:
+ Only triggerable by root
+Bugs:
+upstream: released (3.13-rc1) [a497e47d4aec37aaf8f13509f3ef3d1f6a717d88]
+2.6.32-upstream-stable: pending
+sid: released (3.11.10-1)
+3.2-wheezy-security: released (3.2.53-1) [bugfix/all/libertas-potential-oops-in-debugfs.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6378.patch]
+3.2-upstream-stable: released (3.2.54)


Property changes on: retired/CVE-2013-6378
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-6381 (from rev 3333, active/CVE-2013-6381)
===================================================================
--- retired/CVE-2013-6381	                        (rev 0)
+++ retired/CVE-2013-6381	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: qeth: avoid buffer overflow in snmp ioctl
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc1) [6fb392b1a63ae36c31f62bc3fc8630b49d602b62]
+2.6.32-upstream-stable: pending
+sid: released (3.11.10-1) [bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch]
+3.2-wheezy-security: released (3.2.53-1) [bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6381.patch]
+3.2-upstream-stable: released (3.2.54)


Property changes on: retired/CVE-2013-6381
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-6382 (from rev 3333, active/CVE-2013-6382)
===================================================================
--- retired/CVE-2013-6382	                        (rev 0)
+++ retired/CVE-2013-6382	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: underflow bug in xfs_attrlist_by_handle()
+References:
+ http://patchwork.xfs.org/patch/6773/
+Notes:
+Bugs:
+upstream: released 3.13-rc3 [31978b5cc66b8ba8a7e8eef60b12395d41b7b890]
+2.6.32-upstream-stable: pending
+sid: released (3.11.10-1) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
+3.2-wheezy-security: released (3.2.53-1) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
+3.2-upstream-stable: released (3.2.54)
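
Review bot: the upstream line is written as "upstream: released 3.13-rc3 [31978b5cc66b8ba8a7e8eef60b12395d41b7b890]", without the parentheses around the version that every other status line in this revision uses. Anything that parses these files by the "released (version) [commit]" shape will miss the version here; suggest changing it to "released (3.13-rc3)" as part of the move.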


Property changes on: retired/CVE-2013-6382
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-6383 (from rev 3333, active/CVE-2013-6383)
===================================================================
--- retired/CVE-2013-6383	                        (rev 0)
+++ retired/CVE-2013-6383	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: aacraid: missing capable() check in compat ioctl
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc1) [f856567b930dfcdbc3323261bf77240ccdde01f5]
+2.6.32-upstream-stable: pending
+sid: released (3.11.8-1)
+3.2-wheezy-security: released (3.2.53-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6383.patch]
+3.2-upstream-stable: released (3.2.53)


Property changes on: retired/CVE-2013-6383
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-7263 (from rev 3333, active/CVE-2013-7263)
===================================================================
--- retired/CVE-2013-7263	                        (rev 0)
+++ retired/CVE-2013-7263	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: ipv4,ipv6: uninitialised memory leakage
+References:
+Notes:
+ jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
+Bugs:
+upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69, 85fbaa75037d0b6b786ff18658ddf0b4014ce2a4]
+2.6.32-upstream-stable: pending
+sid: released (3.12.4-1)
+3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6405-1.patch, bugfix/all/CVE-2013-6405-2.patch]
+3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a, b38ecb9bbbb42b71833ff4439283f51120a35c1a]
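
Review bot: the 3.2-upstream-stable line lists the same commit id twice (b38ecb9bbbb42b71833ff4439283f51120a35c1a, repeated), while the upstream line names two distinct commits. The second id looks like a copy-and-paste slip; replace it with the id of the second 3.2.y backport, or drop the duplicate if only one commit applies.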


Property changes on: retired/CVE-2013-7263
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-7265 (from rev 3333, active/CVE-2013-7265)
===================================================================
--- retired/CVE-2013-7265	                        (rev 0)
+++ retired/CVE-2013-7265	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: phonet: uninitialised memory leakage
+References:
+Notes:
+ jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
+Bugs:
+upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69]
+2.6.32-upstream-stable: pending
+sid: released (3.12.4-1)
+3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6405-1.patch]
+3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a]


Property changes on: retired/CVE-2013-7265
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-7339 (from rev 3333, active/CVE-2013-7339)
===================================================================
--- retired/CVE-2013-7339	                        (rev 0)
+++ retired/CVE-2013-7339	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: rds: prevent dereference of a NULL device
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc4)
+2.6.32-upstream-stable: pending
+sid: released (3.13-1~exp1)
+3.2-wheezy-security: released (3.2.56-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/rds-prevent-dereference-of-a-NULL-device.patch]
+3.2-upstream-stable: released (3.2.55)
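
Review bot: the upstream line, "upstream: released (3.13-rc4)", has no commit id in brackets, unlike the other upstream lines in this revision. Adding the id of the upstream fix before retiring would let the entry be traced to the change it refers to without searching by description.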


Property changes on: retired/CVE-2013-7339
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-0101 (from rev 3333, active/CVE-2014-0101)
===================================================================
--- retired/CVE-2014-0101	                        (rev 0)
+++ retired/CVE-2014-0101	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,11 @@
+Description: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
+References:
+ http://patchwork.ozlabs.org/patch/325898/
+Notes:
+Bugs:
+upstream: released (3.14-rc3) [ec0223ec48a90cb605244b45f7c62de856403729]
+2.6.32-upstream-stable: pending
+sid: released (3.13.6-1) [bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch]
+3.2-wheezy-security: released (3.2.56-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch]
+3.2-upstream-stable: released (3.2.56)


Property changes on: retired/CVE-2014-0101
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-1444 (from rev 3333, active/CVE-2014-1444)
===================================================================
--- retired/CVE-2014-1444	                        (rev 0)
+++ retired/CVE-2014-1444	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: farsync: fix info leak in ioctl
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc1) [96b340406724d87e4621284ebac5e059d67b2194]
+2.6.32-upstream-stable: pending
+sid: released (3.12.6-1)
+3.2-wheezy-security: released (3.2.53)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/farsync-fix-info-leak-in-ioctl.patch]
+3.2-upstream-stable: released (3.2.51-1)
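
Review bot: the versions on the 3.2-wheezy-security and 3.2-upstream-stable lines look swapped. The wheezy line gives a bare upstream version, "released (3.2.53)", and the upstream-stable line gives one with a Debian revision, "released (3.2.51-1)", which is the reverse of the convention in the other files of this revision. Worth verifying both values and correcting them before the entry is retired.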


Property changes on: retired/CVE-2014-1444
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-1445 (from rev 3333, active/CVE-2014-1445)
===================================================================
--- retired/CVE-2014-1445	                        (rev 0)
+++ retired/CVE-2014-1445	2014-04-29 15:02:58 UTC (rev 3334)
@@ -0,0 +1,10 @@
+Description: wanxl: fix info leak in ioctl
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc1) [2b13d06c9584b4eb773f1e80bbaedab9a1c344e1]
+2.6.32-upstream-stable: pending
+sid: released (3.12.6-1)
+3.2-wheezy-security: released (3.2.53)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/wanxl-fix-info-leak-in-ioctl.patch]
+3.2-upstream-stable: released (3.2.51-1)
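
Review bot: on the 3.2-wheezy-security and 3.2-upstream-stable lines the version formats appear reversed: "3.2-wheezy-security: released (3.2.53)" has no Debian revision, while "3.2-upstream-stable: released (3.2.51-1)" has one. Other files in this revision use the Debian-style version for wheezy and the plain upstream version for upstream-stable, so these two values should be checked and fixed before retiring.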


Property changes on: retired/CVE-2014-1445
___________________________________________________________________
Added: svn:mergeinfo
   + 



