[kernel-sec-discuss] r3372 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Jun 4 21:18:26 UTC 2014


Author: benh
Date: 2014-06-04 21:18:26 +0000 (Wed, 04 Jun 2014)
New Revision: 3372

Modified:
   active/CVE-2014-3145
Log:
CVE-2014-3145 was only half-fixed in 3.14.4-1

Modified: active/CVE-2014-3145
===================================================================
--- active/CVE-2014-3145	2014-06-04 14:34:05 UTC (rev 3371)
+++ active/CVE-2014-3145	2014-06-04 21:18:26 UTC (rev 3372)
@@ -2,10 +2,13 @@
 References:
  http://www.openwall.com/lists/oss-security/2014/05/09/5
 Notes:
+ Thought to be fixed in 3.14.4-1 by patch
+ bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch,
+ but two hunks are applied in the same place so the bug is only half-fixed.
 Bugs:
 upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3]
 2.6.32-upstream-stable: needed
-sid: released (3.14.4-1) [bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch]
+sid: pending (3.14.5-1)
 3.2-wheezy-security: needed
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed




More information about the kernel-sec-discuss mailing list