[kernel-sec-discuss] r3201 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Jan 3 09:33:06 UTC 2014


Author: jmm
Date: 2014-01-03 09:32:03 +0000 (Fri, 03 Jan 2014)
New Revision: 3201

Added:
   retired/CVE-2013-2897
   retired/CVE-2013-6376
Removed:
   active/CVE-2013-2897
   active/CVE-2013-6376
Log:
retire


Deleted: active/CVE-2013-2897
===================================================================
--- active/CVE-2013-2897	2014-01-03 09:29:28 UTC (rev 3200)
+++ active/CVE-2013-2897	2014-01-03 09:32:03 UTC (rev 3201)
@@ -1,12 +0,0 @@
-Description: HID multitouch heap overwrite / NULL deref
-References:
- http://marc.info/?l=linux-input&m=137772190214635&w=1
-Notes:
- bwh> First patch is in 3.2.52, second is not in 3.2.y yet
-Bugs:
-upstream: released (3.12-rc2) [cc6b54aa54bf40b762cab45a9fc8aa81653146eb, 8821f5dc187bdf16cfb32ef5aa8c3035273fa79a]
-2.6.32-upstream-stable: N/A "Introduced in 2.6.38 with 5519cab477b61326963c8d523520db0342862b63"
-sid: released (3.11.5-1)
-3.2-wheezy-security: released (3.2.53-1) [bugfix/all/HID-multitouch-validate-indexes-details.patch]
-2.6.32-squeeze-security: N/A "Introduced in 2.6.38 with 5519cab477b61326963c8d523520db0342862b63"
-3.2-upstream-stable: released (3.2.54)

Deleted: active/CVE-2013-6376
===================================================================
--- active/CVE-2013-6376	2014-01-03 09:29:28 UTC (rev 3200)
+++ active/CVE-2013-6376	2014-01-03 09:32:03 UTC (rev 3201)
@@ -1,15 +0,0 @@
-Description: kvm: BUG_ON() in apic_cluster_id()
-References:
- http://seclists.org/oss-sec/2013/q4/494
-Notes:
- bwh> This appears to have been introduced in 3.7 by commit 1e08ec4a130e
- bwh> ('KVM: optimize apic interrupt delivery') but I can't tell for sure
- bwh> without a reproducer.
- jmm> ^ confirmed by Google engineer who discovered the bug
-Bugs:
-upstream: released (3.13-rc4) [17d68b763f09a9ce824ae23eb62c9efc57b69271]
-2.6.32-upstream-stable: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
-sid: released (3.12.6-1)
-3.2-wheezy-security: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
-2.6.32-squeeze-security: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
-3.2-upstream-stable: N/A "Introduced in 3.7 by commit 1e08ec4a130e"

Copied: retired/CVE-2013-2897 (from rev 3200, active/CVE-2013-2897)
===================================================================
--- retired/CVE-2013-2897	                        (rev 0)
+++ retired/CVE-2013-2897	2014-01-03 09:32:03 UTC (rev 3201)
@@ -0,0 +1,12 @@
+Description: HID multitouch heap overwrite / NULL deref
+References:
+ http://marc.info/?l=linux-input&m=137772190214635&w=1
+Notes:
+ bwh> First patch is in 3.2.52, second is not in 3.2.y yet
+Bugs:
+upstream: released (3.12-rc2) [cc6b54aa54bf40b762cab45a9fc8aa81653146eb, 8821f5dc187bdf16cfb32ef5aa8c3035273fa79a]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.38 with 5519cab477b61326963c8d523520db0342862b63"
+sid: released (3.11.5-1)
+3.2-wheezy-security: released (3.2.53-1) [bugfix/all/HID-multitouch-validate-indexes-details.patch]
+2.6.32-squeeze-security: N/A "Introduced in 2.6.38 with 5519cab477b61326963c8d523520db0342862b63"
+3.2-upstream-stable: released (3.2.54)
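
Review bot: The Notes line "bwh> First patch is in 3.2.52, second is not in 3.2.y yet" is stale in the retired copy. The status lines in the same file record "3.2-upstream-stable: released (3.2.54)" and "3.2-wheezy-security: released (3.2.53-1)", so the note now reads as if a fix were still missing from 3.2.y. Update or drop the note before retiring. The upstream line lists two commits while the wheezy line names a single patch file, so it would also help to record which of the two commits that patch corresponds to.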


Property changes on: retired/CVE-2013-2897
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2013-6376 (from rev 3199, active/CVE-2013-6376)
===================================================================
--- retired/CVE-2013-6376	                        (rev 0)
+++ retired/CVE-2013-6376	2014-01-03 09:32:03 UTC (rev 3201)
@@ -0,0 +1,15 @@
+Description: kvm: BUG_ON() in apic_cluster_id()
+References:
+ http://seclists.org/oss-sec/2013/q4/494
+Notes:
+ bwh> This appears to have been introduced in 3.7 by commit 1e08ec4a130e
+ bwh> ('KVM: optimize apic interrupt delivery') but I can't tell for sure
+ bwh> without a reproducer.
+ jmm> ^ confirmed by Google engineer who discovered the bug
+Bugs:
+upstream: released (3.13-rc4) [17d68b763f09a9ce824ae23eb62c9efc57b69271]
+2.6.32-upstream-stable: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
+sid: released (3.12.6-1)
+3.2-wheezy-security: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
+2.6.32-squeeze-security: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
+3.2-upstream-stable: N/A "Introduced in 3.7 by commit 1e08ec4a130e"
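
Review bot: The introducing commit is cited only by the abbreviated id 1e08ec4a130e, in the bwh note and in all four N/A reasons, while the "upstream:" line in the same file gives a full 40-character hash. Using the full hash in at least one place would keep the retired record unambiguous. The bwh note also still reads as uncertain ("I can't tell for sure without a reproducer") although the jmm line confirms it. Consider folding the two into a single statement and adding a reference for the confirmation, since References only lists the oss-sec post.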


Property changes on: retired/CVE-2013-6376
___________________________________________________________________
Added: svn:mergeinfo
   + 



