[kernel-sec-discuss] r3571 - active
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Nov 28 19:34:08 UTC 2014
Author: jmm
Date: 2014-11-28 19:34:08 +0000 (Fri, 28 Nov 2014)
New Revision: 3571
Modified:
active/CVE-2014-4608
Log:
fixed in 2.6.32.64,thus also pending for squeeze
Modified: active/CVE-2014-4608
===================================================================
--- active/CVE-2014-4608 2014-11-28 19:33:32 UTC (rev 3570)
+++ active/CVE-2014-4608 2014-11-28 19:34:08 UTC (rev 3571)
@@ -4,9 +4,9 @@
jmm> Not exploiable according to http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
Bugs:
upstream: released (3.16-rc3) [206a81c18401c0cde6e579164f752c4b147324ce]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: released (2.6.32.64)
sid: released (3.14.9-1)
3.2-wheezy-security: released (3.2.63-1)
3.16-upstream-stable: N/A
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: pending (2.6.32-48squeeze9)
3.2-upstream-stable: released (3.2.61) [lib-lzo-rename-lzo1x_decompress.c-to-lzo1x_decompress_safe.c.patch, lib-lzo-update-lzo-compression-to-current-upstream-version.patch, lzo-properly-check-for-overruns.patch]
More information about the kernel-sec-discuss
mailing list