[kernel-sec-discuss] r3387 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jun 11 13:13:47 UTC 2014 

Author: jmm
Date: 2014-06-11 13:13:47 +0000 (Wed, 11 Jun 2014)
New Revision: 3387

Added:
   retired/CVE-2014-2851
Removed:
   active/CVE-2014-2851
Log:
retire


Deleted: active/CVE-2014-2851
===================================================================
--- active/CVE-2014-2851	2014-06-11 13:13:30 UTC (rev 3386)
+++ active/CVE-2014-2851	2014-06-11 13:13:47 UTC (rev 3387)
@@ -1,14 +0,0 @@
-Description: memory leak in ping
-References:
- https://lkml.org/lkml/2014/4/10/736
-Notes:
- raphael: Appears to have been introduced with the support for IPPROTO_ICMP in 3.0-rc1
- bwh> Bug is in permission checks for creating ping sockets, so is exploitable
- bwh> even though the default permissions prevent them being created.
-Bugs:
-upstream: released (3.15-rc2) [b04c46190219a4f845e46a459e3102137b7f6cac]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: released (3.14.4-1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
-3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
-2.6.32-squeeze-security: N/A "Vulnerable code not present"
-3.2-upstream-stable: released (3.2.60)

Copied: retired/CVE-2014-2851 (from rev 3386, active/CVE-2014-2851)
===================================================================
--- retired/CVE-2014-2851	                        (rev 0)
+++ retired/CVE-2014-2851	2014-06-11 13:13:47 UTC (rev 3387)
@@ -0,0 +1,14 @@
+Description: memory leak in ping
+References:
+ https://lkml.org/lkml/2014/4/10/736
+Notes:
+ raphael: Appears to have been introduced with the support for IPPROTO_ICMP in 3.0-rc1
+ bwh> Bug is in permission checks for creating ping sockets, so is exploitable
+ bwh> even though the default permissions prevent them being created.
+Bugs:
+upstream: released (3.15-rc2) [b04c46190219a4f845e46a459e3102137b7f6cac]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.14.4-1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
+3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.2-upstream-stable: released (3.2.60)


Property changes on: retired/CVE-2014-2851
___________________________________________________________________
Added: svn:mergeinfo
   +

More information about the kernel-sec-discuss mailing list