[kernel-sec-discuss] r3704 - active
Ben Hutchings
benh at moszumanska.debian.org
Wed Feb 25 19:34:00 UTC 2015
Author: benh
Date: 2015-02-25 19:34:00 +0000 (Wed, 25 Feb 2015)
New Revision: 3704
Modified:
active/CVE-2015-2041
active/CVE-2015-2042
Log:
Fill in affected versions for CVE-2015-204{1,2}
Modified: active/CVE-2015-2041
===================================================================
--- active/CVE-2015-2041 2015-02-25 19:18:55 UTC (rev 3703)
+++ active/CVE-2015-2041 2015-02-25 19:34:00 UTC (rev 3704)
@@ -1,11 +1,13 @@
Description: incorrect data type in llc2_timeout_table
References:
Notes:
+ bwh> Bug introduced when sysctls were added in 2.6.14. Security impact
+ bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
Bugs:
upstream: released (v3.19-rc7) [6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49]
-2.6.32-upstream-stable:
-sid:
-3.2-wheezy-security:
-2.6.32-squeeze-security:
+2.6.32-upstream-stable: needed
+sid: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed
3.16-upstream-stable: pending (3.16.7-ckt8)
-3.2-upstream-stable:
+3.2-upstream-stable: needed
Modified: active/CVE-2015-2042
===================================================================
--- active/CVE-2015-2042 2015-02-25 19:18:55 UTC (rev 3703)
+++ active/CVE-2015-2042 2015-02-25 19:34:00 UTC (rev 3704)
@@ -1,11 +1,13 @@
Description: incorrect data type in rds_sysctl_rds_table
References:
Notes:
+ bwh> Bug introduced when sysctls were added in 2.6.30. Security impact
+ bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
Bugs:
upstream: released (v3.19) [db27ebb111e9f69efece08e4cb6a34ff980f8896]
-2.6.32-upstream-stable:
-sid:
-3.2-wheezy-security:
-2.6.32-squeeze-security:
+2.6.32-upstream-stable: needed
+sid: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed
3.16-upstream-stable: pending (3.16.7-ckt8)
-3.2-upstream-stable:
+3.2-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list