[kernel-sec-discuss] r3698 - active retired

Ben Hutchings benh at moszumanska.debian.org
Tue Feb 24 00:22:01 UTC 2015


Author: benh
Date: 2015-02-24 00:21:46 +0000 (Tue, 24 Feb 2015)
New Revision: 3698

Added:
   retired/CVE-2013-7421
   retired/CVE-2014-8559
   retired/CVE-2014-9644
Removed:
   active/CVE-2013-7421
   active/CVE-2014-8559
   active/CVE-2014-9644
Log:
Retire CVE-2013-7421/CVE-2014-9644 and CVE-2014-8559

Deleted: active/CVE-2013-7421
===================================================================
--- active/CVE-2013-7421	2015-02-24 00:19:11 UTC (rev 3697)
+++ active/CVE-2013-7421	2015-02-24 00:21:46 UTC (rev 3698)
@@ -1,13 +0,0 @@
-Description: crypto api unprivileged arbitrary module load
-References:
-Notes:
- jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4
- jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical
-Bugs:
-upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
-2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
-sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
-3.16-upstream-stable: released (3.16.7-ckt6)
-3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch]

Deleted: active/CVE-2014-8559
===================================================================
--- active/CVE-2014-8559	2015-02-24 00:19:11 UTC (rev 3697)
+++ active/CVE-2014-8559	2015-02-24 00:21:46 UTC (rev 3698)
@@ -1,20 +0,0 @@
-Description: dead lock in dcache
-References:
- https://lkml.org/lkml/2014/10/25/171
- https://lkml.org/lkml/2014/10/25/179
- https://lkml.org/lkml/2014/10/25/180
- https://lkml.org/lkml/2014/10/26/101
- https://lkml.org/lkml/2014/10/26/116
- https://lkml.org/lkml/2014/10/26/129
-Notes:
- According to https://lkml.org/lkml/2014/10/25/179 this was introduced
- by "fs: dcache avoid starvation in dcache multi-step operations", i.e.
- commit 58db63d08679 in 2.6.38-rc1.
-Bugs:
-upstream: released (3.19-rc1) [946e51f2bf37f1656916eb75bd0742ba33983c28, ca5358ef75fc69fee5322a38a340f5739d997c10]
-2.6.32-upstream-stable: N/A
-sid: released (3.16.7-ckt4-1)
-3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch, bugfix/all/deal-with-deadlock-in-d_walk.patch, bugfix/all/dcache-fix-locking-bugs-in-backported-deal-with-deadlock-in-d_walk.patch]
-2.6.32-squeeze-security: N/A
-3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable: released (3.2.66) [move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch, deal-with-deadlock-in-d_walk.patch]

Deleted: active/CVE-2014-9644
===================================================================
--- active/CVE-2014-9644	2015-02-24 00:19:11 UTC (rev 3697)
+++ active/CVE-2014-9644	2015-02-24 00:21:46 UTC (rev 3698)
@@ -1,13 +0,0 @@
-Description: crypto api unprivileged arbitrary module load
-References:
-Notes:
- jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4
- jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical
-Bugs:
-upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
-2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
-sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
-3.16-upstream-stable: released (3.16.7-ckt6)
-3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch]

Copied: retired/CVE-2013-7421 (from rev 3697, active/CVE-2013-7421)
===================================================================
--- retired/CVE-2013-7421	                        (rev 0)
+++ retired/CVE-2013-7421	2015-02-24 00:21:46 UTC (rev 3698)
@@ -0,0 +1,13 @@
+Description: crypto api unprivileged arbitrary module load
+References:
+Notes:
+ jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4
+ jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical
+Bugs:
+upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
+sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
+3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
+2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
+3.16-upstream-stable: released (3.16.7-ckt6)
+3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch]
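Review bot: In the sid and 3.2-wheezy-security lines, the third patch name carries a leading '+' (+bugfix/all/crypto-add-missing-crypto-module-aliases.patch) that the other two entries and the 3.2-upstream-stable list do not have. It looks like residue from a pasted diff and will trip anything that splits the bracketed list on ', ' and treats each item as a path. Suggest dropping the '+' in both lines before the file settles in retired/. The 3.16-upstream-stable line also gives no patch list, unlike 3.2-upstream-stable; if that is deliberate, nothing to change.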

Copied: retired/CVE-2014-8559 (from rev 3697, active/CVE-2014-8559)
===================================================================
--- retired/CVE-2014-8559	                        (rev 0)
+++ retired/CVE-2014-8559	2015-02-24 00:21:46 UTC (rev 3698)
@@ -0,0 +1,20 @@
+Description: dead lock in dcache
+References:
+ https://lkml.org/lkml/2014/10/25/171
+ https://lkml.org/lkml/2014/10/25/179
+ https://lkml.org/lkml/2014/10/25/180
+ https://lkml.org/lkml/2014/10/26/101
+ https://lkml.org/lkml/2014/10/26/116
+ https://lkml.org/lkml/2014/10/26/129
+Notes:
+ According to https://lkml.org/lkml/2014/10/25/179 this was introduced
+ by "fs: dcache avoid starvation in dcache multi-step operations", i.e.
+ commit 58db63d08679 in 2.6.38-rc1.
+Bugs:
+upstream: released (3.19-rc1) [946e51f2bf37f1656916eb75bd0742ba33983c28, ca5358ef75fc69fee5322a38a340f5739d997c10]
+2.6.32-upstream-stable: N/A
+sid: released (3.16.7-ckt4-1)
+3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch, bugfix/all/deal-with-deadlock-in-d_walk.patch, bugfix/all/dcache-fix-locking-bugs-in-backported-deal-with-deadlock-in-d_walk.patch]
+2.6.32-squeeze-security: N/A
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.66) [move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch, deal-with-deadlock-in-d_walk.patch]
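Review bot: The two 2.6.32 lines (2.6.32-upstream-stable and 2.6.32-squeeze-security) say only N/A, although the Notes field already gives the reason: the bug came in with commit 58db63d08679 in 2.6.38-rc1. The crypto entries retired in the same revision write this as N/A "Introduced in 2.6.38"; using the same form here would make the retired record self-explanatory without reading the Notes. Minor: the Description reads "dead lock"; "deadlock" is what a later search of the tracker would look for.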

Copied: retired/CVE-2014-9644 (from rev 3697, active/CVE-2014-9644)
===================================================================
--- retired/CVE-2014-9644	                        (rev 0)
+++ retired/CVE-2014-9644	2015-02-24 00:21:46 UTC (rev 3698)
@@ -0,0 +1,13 @@
+Description: crypto api unprivileged arbitrary module load
+References:
+Notes:
+ jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4
+ jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical
+Bugs:
+upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
+sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
+3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
+2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
+3.16-upstream-stable: released (3.16.7-ckt6)
+3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch]
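Review bot: References: is empty while the only pointer to the issue, http://www.openwall.com/lists/oss-security/2015/01/24/4, sits inside the jmm> note. Suggest listing that URL under References: as the CVE-2014-8559 file does with its lkml links, so the retired entry still has a source once the note is skimmed past. Since the note says this CVE and CVE-2013-7421 are essentially identical and the two files carry the same status lines, the stray '+' before bugfix/all/crypto-add-missing-crypto-module-aliases.patch in the sid and 3.2-wheezy-security lines is present here as well and should be dropped in both files together.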



