[kernel-sec-discuss] r3352 - active

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri May 16 19:59:21 UTC 2014


Author: jmm
Date: 2014-05-16 19:59:21 +0000 (Fri, 16 May 2014)
New Revision: 3352

Added:
   active/CVE-2013-4483
Modified:
   active/CVE-2013-4470
   active/CVE-2014-0196
   active/CVE-2014-1438
   active/CVE-2014-1737
   active/CVE-2014-1738
Log:
fixes pending for 2.6.32.62 and 3.2.59


Modified: active/CVE-2013-4470
===================================================================
--- active/CVE-2013-4470	2014-05-15 06:37:09 UTC (rev 3351)
+++ active/CVE-2013-4470	2014-05-16 19:59:21 UTC (rev 3352)
@@ -3,7 +3,7 @@
 Notes:
 Bugs:
 upstream: released (3.12) [c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b, e93b7d748be887cd7639b113ba7d7ef792a7efb9]
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: pending (2.6.32.62)
 sid: released (3.11.7-1)
 3.2-wheezy-security: released (3.2.53-1)
 2.6.32-squeeze-security: needed

Copied: active/CVE-2013-4483 (from rev 3304, active/CVE-2013-4483)
===================================================================
--- active/CVE-2013-4483	                        (rev 0)
+++ active/CVE-2013-4483	2014-05-16 19:59:21 UTC (rev 3352)
@@ -0,0 +1,12 @@
+Description: ipc: ipc_rcu_putref refcount races
+References:
+Notes:
+ jmm> https://bugzilla.redhat.com/show_bug.cgi?id=1024854 claims RHEL kernels are
+ jmm> not affected, but the code seems to be present in all older kernels?
+Bugs:
+upstream: released (3.10) [6062a8dc0517bce23e3c2f7d2fea5e22411269a3]
+2.6.32-upstream-stable: ignored "too intrusive to backport"
+sid: released (3.10-1)
+3.2-wheezy-security: pending (3.2.57-1) [bugfix/all/ipc-msg-fix-race-around-refcount.patch]
+2.6.32-squeeze-security: ignored "too intrusive to backport"
+3.2-upstream-stable: released (3.2.57) [ipc-msg-fix-race-around-refcount.patch]
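Review bot: The log message does not cover this restored file: both 2.6.32 lines are ignored and 3.2-upstream-stable is already released (3.2.57), so nothing here is pending for 2.6.32.62 or 3.2.59, and the reason for copying the entry back from rev 3304 is not recorded. The copied line 3.2-wheezy-security: pending (3.2.57-1) also looks stale next to the 3.2.57-3+deb7u1 versions recorded for wheezy in other files of this revision. Suggest re-checking that status and adding a line under Notes saying why the entry is back in active/.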

Modified: active/CVE-2014-0196
===================================================================
--- active/CVE-2014-0196	2014-05-15 06:37:09 UTC (rev 3351)
+++ active/CVE-2014-0196	2014-05-16 19:59:21 UTC (rev 3352)
@@ -3,8 +3,8 @@
 Notes:
 Bugs: 747166
 upstream: released (3.15-rc5) [4291086b1f081b869c6d79e5b7441633dc3ace00]
-2.6.32-upstream-stable: pending
+2.6.32-upstream-stable: pending (2.6.32.62)
 sid: released (3.14.4-1)
-3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch]
+3.2-wheezy-security: pending (3.2.57-3+deb7u1) [bugfix/all/n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch]
 2.6.32-squeeze-security: pending
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.59)
\ No newline at end of file
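Review bot: The 3.2-wheezy-security line moves from released to pending for the same version, 3.2.57-3+deb7u1, which the log message (fixes pending for 2.6.32.62 and 3.2.59) does not account for; CVE-2014-1737 and CVE-2014-1738 in this same revision keep released (3.2.57-3+deb7u1). If the upload status did not actually change, this line should stay released; if it did, a short entry under Notes would explain the step back. The file also still ends without a trailing newline, which could be fixed while the last line is being edited.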

Modified: active/CVE-2014-1438
===================================================================
--- active/CVE-2014-1438	2014-05-15 06:37:09 UTC (rev 3351)
+++ active/CVE-2014-1438	2014-05-16 19:59:21 UTC (rev 3352)
@@ -4,7 +4,7 @@
 Notes:
 Bugs:
 upstream: released (3.13-rc8) [26bef1318adc1b3a530ecc807ef99346db2aa8b0]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: pending (2.6.32.62)
 sid: released (3.12.8-1)
 3.2-wheezy-security: released (3.2.54-1) [bugfix/x86/fpu-amd-Clear-exceptions-in-AMD-FXSAVE-workaroun.patch]
 2.6.32-squeeze-security: "is it safe to just add fnclex w/o switching from alternatives?"
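Review bot: The 2.6.32-squeeze-security context line holds only a quoted question and no status keyword, unlike every other branch line in this revision, so the entry records no squeeze status at all. With the fix now marked pending for 2.6.32.62, the upstream backport may settle the fnclex question; suggest giving the line an explicit status such as needed and moving the question into Notes.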

Modified: active/CVE-2014-1737
===================================================================
--- active/CVE-2014-1737	2014-05-15 06:37:09 UTC (rev 3351)
+++ active/CVE-2014-1737	2014-05-16 19:59:21 UTC (rev 3352)
@@ -3,8 +3,8 @@
 Notes: 
 Bugs:
 upstream: released (3.15-rc4) [ef87dbe7614341c2e7bfe8d32fcb7028cc97442c]
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: pending (2.6.32.62)
 sid: released (3.14.4-1)
 3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/floppy-ignore-kernel-only-members-in-FDRAWCMD-ioctl-.patch]
 2.6.32-squeeze-security: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.59)

Modified: active/CVE-2014-1738
===================================================================
--- active/CVE-2014-1738	2014-05-15 06:37:09 UTC (rev 3351)
+++ active/CVE-2014-1738	2014-05-16 19:59:21 UTC (rev 3352)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (3.15-rc4) [2145e15e0557a01b9195d1c7199a1b92cb9be81f]
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: pending (2.6.32.62)
 sid: released (3.14.4-1)
 3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/floppy-don-t-write-kernel-only-members-to-FDRAWCMD-i.patch]
 2.6.32-squeeze-security: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.59)



