[kernel-sec-discuss] r3281 - active retired

Ben Hutchings benh at moszumanska.debian.org
Mon Mar 31 22:20:34 UTC 2014


Author: benh
Date: 2014-03-31 22:19:30 +0000 (Mon, 31 Mar 2014)
New Revision: 3281

Modified:
   active/CVE-2013-7263
   active/CVE-2013-7264
   active/CVE-2013-7265
   retired/CVE-2013-7281
Log:
Fix descriptions of the various pieces of CVE-2013-6405

Update the one-line description to include which families the CVE refers to.
Fix typo in the list of CVE IDs.
Mark CVE-2013-7264 as not affecting squeeze.
Update list of patches for squeeze.


Modified: active/CVE-2013-7263
===================================================================
--- active/CVE-2013-7263	2014-03-31 21:46:42 UTC (rev 3280)
+++ active/CVE-2013-7263	2014-03-31 22:19:30 UTC (rev 3281)
@@ -1,11 +1,11 @@
-Description: net: uninitialised memory leakage
+Description: ipv4,ipv6: uninitialised memory leakage
 References:
 Notes:
- jmm> Originally CVE-2013-6405, was split into CVE-2013-736[345] and CVE-2013-7281
+ jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
 Bugs:
 upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69, 85fbaa75037d0b6b786ff18658ddf0b4014ce2a4]
 2.6.32-upstream-stable:
 sid: released (3.12.4-1)
 3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: pending (2.6.32-48squeeze5)
+2.6.32-squeeze-security: pending (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6405-1.patch, bugfix/all/CVE-2013-6405-2.patch]
 3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a, b38ecb9bbbb42b71833ff4439283f51120a35c1a]

Modified: active/CVE-2013-7264
===================================================================
--- active/CVE-2013-7264	2014-03-31 21:46:42 UTC (rev 3280)
+++ active/CVE-2013-7264	2014-03-31 22:19:30 UTC (rev 3281)
@@ -1,11 +1,11 @@
-Description: net: uninitialised memory leakage
+Description: l2tp: uninitialised memory leakage
 References:
 Notes:
- jmm> Originally CVE-2013-6405, was split into CVE-2013-736[345] and CVE-2013-7281
+ jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
 Bugs:
 upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69, 85fbaa75037d0b6b786ff18658ddf0b4014ce2a4]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: N/A "vulnerable code introduced in 2.6.35"
 sid: released (3.12.4-1)
 3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: pending (2.6.32-48squeeze5)
+2.6.32-squeeze-security: N/A "vulnerable code introduced in 2.6.35"
 3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a, b38ecb9bbbb42b71833ff4439283f51120a35c1a]

Modified: active/CVE-2013-7265
===================================================================
--- active/CVE-2013-7265	2014-03-31 21:46:42 UTC (rev 3280)
+++ active/CVE-2013-7265	2014-03-31 22:19:30 UTC (rev 3281)
@@ -1,11 +1,11 @@
-Description: net: uninitialised memory leakage
+Description: phonet: uninitialised memory leakage
 References:
 Notes:
- jmm> Originally CVE-2013-6405, was split into CVE-2013-736[345] and CVE-2013-7281
+ jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
 Bugs:
-upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69, 85fbaa75037d0b6b786ff18658ddf0b4014ce2a4]
+upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69]
 2.6.32-upstream-stable:
 sid: released (3.12.4-1)
 3.2-wheezy-security: released (3.2.54-1) [linux_3.2.54.orig.tar.xz]
-2.6.32-squeeze-security: pending (2.6.32-48squeeze5)
-3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a, b38ecb9bbbb42b71833ff4439283f51120a35c1a]
+2.6.32-squeeze-security: pending (2.6.32-48squeeze5) [bugfix/all/CVE-2013-6405-1.patch]
+3.2-upstream-stable: released (3.2.54) [b38ecb9bbbb42b71833ff4439283f51120a35c1a]

Modified: retired/CVE-2013-7281
===================================================================
--- retired/CVE-2013-7281	2014-03-31 21:46:42 UTC (rev 3280)
+++ retired/CVE-2013-7281	2014-03-31 22:19:30 UTC (rev 3281)
@@ -1,7 +1,7 @@
-Description: net: uninitialised memory leakage
+Description: ieee802154: uninitialised memory leakage
 References:
 Notes:
- jmm> Originally CVE-2013-6405, was split into CVE-2013-736[345] and CVE-2013-7281
+ jmm> Originally CVE-2013-6405, was split into CVE-2013-726[345] and CVE-2013-7281
 Bugs:
 upstream: released (3.13-rc2) [bceaa90240b6019ed73b49965eac7d167610be69, 85fbaa75037d0b6b786ff18658ddf0b4014ce2a4]
 2.6.32-upstream-stable: N/A "vulnerable code not present; introduced in 3.10"




More information about the kernel-sec-discuss mailing list