[kernel-sec-discuss] r3593 - active retired
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Dec 5 16:12:58 UTC 2014
Author: jmm
Date: 2014-12-05 16:12:58 +0000 (Fri, 05 Dec 2014)
New Revision: 3593
Added:
retired/CVE-2010-5313
retired/CVE-2014-3183
retired/CVE-2014-3535
retired/CVE-2014-3610
retired/CVE-2014-3611
retired/CVE-2014-3645
retired/CVE-2014-3647
retired/CVE-2014-3690
retired/CVE-2014-7842
Removed:
active/CVE-2010-5313
active/CVE-2014-3183
active/CVE-2014-3535
active/CVE-2014-3610
active/CVE-2014-3611
active/CVE-2014-3645
active/CVE-2014-3647
active/CVE-2014-3690
active/CVE-2014-7842
Log:
retire
Deleted: active/CVE-2010-5313
===================================================================
--- active/CVE-2010-5313 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2010-5313 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,13 +0,0 @@
-Description: kvm: reporting emulation failures to userspace
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1163762
-Notes:
- relaed to CVE-2014-7842
-Bugs:
-upstream: released (2.6.38) [fc3a9157d3148ab91039c75423da8ef97be3e105]
-2.6.32-upstream-stable: ignored
-sid: released (2.6.38-1)
-3.2-wheezy-security: N/A
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7-ckt2)
-3.2-upstream-stable: N/A
Deleted: active/CVE-2014-3183
===================================================================
--- active/CVE-2014-3183 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3183 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,12 +0,0 @@
-Description:
-References:
- https://code.google.com/p/google-security-research/issues/detail?id=90
-Notes:
-Bugs:
-upstream: released (3.17-rc2) [6817ae225cd650fb1c3295d769298c38b1eba818]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: released (3.16.2-2)
-3.2-wheezy-security: released (3.2.63-1)
-2.6.32-squeeze-security: N/A "Vulnerable code not present"
-3.16-upstream-stable: released (3.16.2)
-3.2-upstream-stable: released (3.2.63)
Deleted: active/CVE-2014-3535
===================================================================
--- active/CVE-2014-3535 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3535 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,11 +0,0 @@
-Description: NULL deref in logging VxLAN packets
-References:
-Notes:
-Bugs:
-upstream: released (2.6.36) [256df2f3879efdb2e9808bdb1b54b16fbb11fa38]
-2.6.32-upstream-stable: N/A "Introduced in 2.6.34 with b3d95c5c93d4b57eaea0ad3f582b08a6b5fb3eb1"
-sid: released (2.6.36-1)
-3.2-wheezy-security: N/A
-3.16-upstream-stable: N/A
-2.6.32-squeeze-security: N/A "Introduced in 2.6.34 with b3d95c5c93d4b57eaea0ad3f582b08a6b5fb3eb1"
-3.2-upstream-stable: N/A
Deleted: active/CVE-2014-3610
===================================================================
--- active/CVE-2014-3610 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3610 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,11 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (3.18-rc2) [854e8bb1aa06c578c2c9145fa6bfe3680ef63b23, 8b3c3104c3f4f706e99365c3e0d2aa61b95f969f]
-2.6.32-upstream-stable: ignored
-sid: released (3.16.7-1) [bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch, bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch]
-3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch]
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7-ckt1)
-3.2-upstream-stable: released (3.2.64)
Deleted: active/CVE-2014-3611
===================================================================
--- active/CVE-2014-3611 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3611 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,11 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (3.18-rc2) [2febc839133280d5a5e8e1179c94ea674489dae2]
-2.6.32-upstream-stable: ignored
-sid: released (3.16.7-1) [bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch]
-3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch]
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7-ckt1)
-3.2-upstream-stable: released (3.2.64)
Deleted: active/CVE-2014-3645
===================================================================
--- active/CVE-2014-3645 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3645 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,11 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (3.12) [bfd0a56b90005f8c8a004baf407ad90045c2b11e]
-2.6.32-upstream-stable: ignored
-sid: released (3.12-1)
-3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/nEPT-Nested-INVEPT.patch]
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: N/A
-3.2-upstream-stable: released (3.2.64)
Deleted: active/CVE-2014-3647
===================================================================
--- active/CVE-2014-3647 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3647 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,11 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (3.18-rc2) [234f3ce485d54017f15cf5e0699cff4100121601, d1442d85cc30ea75f7d399474ca738e0bc96f715]
-2.6.32-upstream-stable: ignored
-sid: released (3.16.7-1) [bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch, bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch, bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch]
-3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/KVM-x86-emulator-Use-opcode-execute-for-CALL.patch, bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch, bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch, bugfix/x86/KVM-x86-use-new-CS.RPL-as-CPL-during-task-switch.patch, bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch]
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7-ckt1)
-3.2-upstream-stable: released (3.2.64)
Deleted: active/CVE-2014-3690
===================================================================
--- active/CVE-2014-3690 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-3690 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,12 +0,0 @@
-Description: [kvm DoS]
-References:
- http://seclists.org/oss-sec/2014/q4/416
-Notes:
-Bugs:
-upstream: released (3.18-rc1) [d974baa398f34393db76be45f7d4d04fbdbb4a0a]
-2.6.32-upstream-stable: ignored
-sid: released (3.16.7-1)
-3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/x86-kvm-vmx-Preserve-CR4-across-VM-entry.patch]
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7)
-3.2-upstream-stable: released (3.2.64)
Deleted: active/CVE-2014-7842
===================================================================
--- active/CVE-2014-7842 2014-12-05 15:55:08 UTC (rev 3592)
+++ active/CVE-2014-7842 2014-12-05 16:12:58 UTC (rev 3593)
@@ -1,13 +0,0 @@
-Description: kvm: reporting emulation failures to userspace
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1163762
-Notes:
- related to CVE-2010-5313
-Bugs:
-upstream: released (3.18-rc1) [a2b9e6c1a35afcc0973acb72e591c714e78885ff]
-2.6.32-upstream-stable: ignored
-sid: needed
-3.2-wheezy-security:
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7-ckt2)
-3.2-upstream-stable:
Copied: retired/CVE-2010-5313 (from rev 3592, active/CVE-2010-5313)
===================================================================
--- retired/CVE-2010-5313 (rev 0)
+++ retired/CVE-2010-5313 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,13 @@
+Description: kvm: reporting emulation failures to userspace
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1163762
+Notes:
+ relaed to CVE-2014-7842
+Bugs:
+upstream: released (2.6.38) [fc3a9157d3148ab91039c75423da8ef97be3e105]
+2.6.32-upstream-stable: ignored
+sid: released (2.6.38-1)
+3.2-wheezy-security: N/A
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7-ckt2)
+3.2-upstream-stable: N/A
Property changes on: retired/CVE-2010-5313
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3183 (from rev 3592, active/CVE-2014-3183)
===================================================================
--- retired/CVE-2014-3183 (rev 0)
+++ retired/CVE-2014-3183 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,12 @@
+Description:
+References:
+ https://code.google.com/p/google-security-research/issues/detail?id=90
+Notes:
+Bugs:
+upstream: released (3.17-rc2) [6817ae225cd650fb1c3295d769298c38b1eba818]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.16.2-2)
+3.2-wheezy-security: released (3.2.63-1)
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)
Property changes on: retired/CVE-2014-3183
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3535 (from rev 3592, active/CVE-2014-3535)
===================================================================
--- retired/CVE-2014-3535 (rev 0)
+++ retired/CVE-2014-3535 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,11 @@
+Description: NULL deref in logging VxLAN packets
+References:
+Notes:
+Bugs:
+upstream: released (2.6.36) [256df2f3879efdb2e9808bdb1b54b16fbb11fa38]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.34 with b3d95c5c93d4b57eaea0ad3f582b08a6b5fb3eb1"
+sid: released (2.6.36-1)
+3.2-wheezy-security: N/A
+3.16-upstream-stable: N/A
+2.6.32-squeeze-security: N/A "Introduced in 2.6.34 with b3d95c5c93d4b57eaea0ad3f582b08a6b5fb3eb1"
+3.2-upstream-stable: N/A
Property changes on: retired/CVE-2014-3535
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3610 (from rev 3592, active/CVE-2014-3610)
===================================================================
--- retired/CVE-2014-3610 (rev 0)
+++ retired/CVE-2014-3610 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,11 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (3.18-rc2) [854e8bb1aa06c578c2c9145fa6bfe3680ef63b23, 8b3c3104c3f4f706e99365c3e0d2aa61b95f969f]
+2.6.32-upstream-stable: ignored
+sid: released (3.16.7-1) [bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch, bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch]
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch]
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7-ckt1)
+3.2-upstream-stable: released (3.2.64)
Property changes on: retired/CVE-2014-3610
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3611 (from rev 3592, active/CVE-2014-3611)
===================================================================
--- retired/CVE-2014-3611 (rev 0)
+++ retired/CVE-2014-3611 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,11 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (3.18-rc2) [2febc839133280d5a5e8e1179c94ea674489dae2]
+2.6.32-upstream-stable: ignored
+sid: released (3.16.7-1) [bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch]
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch]
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7-ckt1)
+3.2-upstream-stable: released (3.2.64)
Property changes on: retired/CVE-2014-3611
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3645 (from rev 3592, active/CVE-2014-3645)
===================================================================
--- retired/CVE-2014-3645 (rev 0)
+++ retired/CVE-2014-3645 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,11 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (3.12) [bfd0a56b90005f8c8a004baf407ad90045c2b11e]
+2.6.32-upstream-stable: ignored
+sid: released (3.12-1)
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/nEPT-Nested-INVEPT.patch]
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: N/A
+3.2-upstream-stable: released (3.2.64)
Property changes on: retired/CVE-2014-3645
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3647 (from rev 3592, active/CVE-2014-3647)
===================================================================
--- retired/CVE-2014-3647 (rev 0)
+++ retired/CVE-2014-3647 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,11 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (3.18-rc2) [234f3ce485d54017f15cf5e0699cff4100121601, d1442d85cc30ea75f7d399474ca738e0bc96f715]
+2.6.32-upstream-stable: ignored
+sid: released (3.16.7-1) [bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch, bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch, bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch]
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/KVM-x86-emulator-Use-opcode-execute-for-CALL.patch, bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch, bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch, bugfix/x86/KVM-x86-use-new-CS.RPL-as-CPL-during-task-switch.patch, bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch]
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7-ckt1)
+3.2-upstream-stable: released (3.2.64)
Property changes on: retired/CVE-2014-3647
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-3690 (from rev 3592, active/CVE-2014-3690)
===================================================================
--- retired/CVE-2014-3690 (rev 0)
+++ retired/CVE-2014-3690 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,12 @@
+Description: [kvm DoS]
+References:
+ http://seclists.org/oss-sec/2014/q4/416
+Notes:
+Bugs:
+upstream: released (3.18-rc1) [d974baa398f34393db76be45f7d4d04fbdbb4a0a]
+2.6.32-upstream-stable: ignored
+sid: released (3.16.7-1)
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/x86/x86-kvm-vmx-Preserve-CR4-across-VM-entry.patch]
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7)
+3.2-upstream-stable: released (3.2.64)
Property changes on: retired/CVE-2014-3690
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: retired/CVE-2014-7842 (from rev 3592, active/CVE-2014-7842)
===================================================================
--- retired/CVE-2014-7842 (rev 0)
+++ retired/CVE-2014-7842 2014-12-05 16:12:58 UTC (rev 3593)
@@ -0,0 +1,13 @@
+Description: kvm: reporting emulation failures to userspace
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1163762
+Notes:
+ related to CVE-2010-5313
+Bugs:
+upstream: released (3.18-rc1) [a2b9e6c1a35afcc0973acb72e591c714e78885ff]
+2.6.32-upstream-stable: ignored
+sid: needed
+3.2-wheezy-security:
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7-ckt2)
+3.2-upstream-stable:
Property changes on: retired/CVE-2014-7842
___________________________________________________________________
Added: svn:mergeinfo
+
More information about the kernel-sec-discuss
mailing list