[kernel-sec-discuss] r3375 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Jun 5 12:51:35 UTC 2014


Author: benh
Date: 2014-06-05 12:51:35 +0000 (Thu, 05 Jun 2014)
New Revision: 3375

Modified:
   active/CVE-2014-3144
   active/CVE-2014-3145
Log:
CVE-2014-3145 is fixed in 3.14.4-1 whereas the related CVE-2014-3144 is not

Modified: active/CVE-2014-3144
===================================================================
--- active/CVE-2014-3144	2014-06-05 07:55:14 UTC (rev 3374)
+++ active/CVE-2014-3144	2014-06-05 12:51:35 UTC (rev 3375)
@@ -2,10 +2,13 @@
 References:
  http://www.openwall.com/lists/oss-security/2014/05/09/5
 Notes:
+ Thought to be fixed in 3.14.4-1 by patch
+ bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch,
+ but two hunks are applied in the same place so the bug is only half-fixed.
 Bugs:
 upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3]
 2.6.32-upstream-stable: needed
-sid: released (3.14.4-1) [bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch]
+sid: pending (3.14.5-1)
 3.2-wheezy-security: needed
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed

Modified: active/CVE-2014-3145
===================================================================
--- active/CVE-2014-3145	2014-06-05 07:55:14 UTC (rev 3374)
+++ active/CVE-2014-3145	2014-06-05 12:51:35 UTC (rev 3375)
@@ -2,13 +2,10 @@
 References:
  http://www.openwall.com/lists/oss-security/2014/05/09/5
 Notes:
- Thought to be fixed in 3.14.4-1 by patch
- bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch,
- but two hunks are applied in the same place so the bug is only half-fixed.
 Bugs:
 upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3]
 2.6.32-upstream-stable: needed
-sid: pending (3.14.5-1)
+sid: released (3.14.4-1) [bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch]
 3.2-wheezy-security: needed
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed




More information about the kernel-sec-discuss mailing list