[kernel-sec-discuss] r3864 - active retired
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jul 20 14:56:12 UTC 2015
Author: jmm
Date: 2015-07-20 14:56:12 +0000 (Mon, 20 Jul 2015)
New Revision: 3864
Added:
retired/CVE-2011-5321
retired/CVE-2012-6689
retired/CVE-2014-3184
retired/CVE-2014-9683
retired/CVE-2014-9728
retired/CVE-2014-9729
retired/CVE-2014-9730
retired/CVE-2014-9731
Removed:
active/CVE-2011-5321
active/CVE-2012-6689
active/CVE-2014-3184
active/CVE-2014-9683
active/CVE-2014-9728
active/CVE-2014-9729
active/CVE-2014-9730
active/CVE-2014-9731
Log:
retire issues only pending in 2.6.32.x (these releases only
happen rarely)
Deleted: active/CVE-2011-5321
===================================================================
--- active/CVE-2011-5321 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2011-5321 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,14 +0,0 @@
-Description: tty: kobject reference leakage in tty_open
-References:
- Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
- Introduced by: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
-Notes:
-Bugs:
-upstream: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.2.1-1)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: N/A "Fixed before initial release"
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/tty-drop-driver-reference-in-tty_open-fail-path.patch]
-3.16-upstream-stable: N/A "Fixed before initial release"
-3.2-upstream-stable: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
Deleted: active/CVE-2012-6689
===================================================================
--- active/CVE-2012-6689 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2012-6689 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,12 +0,0 @@
-Description: incorrect validation of netlink message origin allows attackers to spoof netlink messages
-References:
-Notes:
-Bugs:
-upstream: released (v3.6-rc5) [20e1db19db5d6b9e4e83021595eab0dc8f107bef]
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.2.30-1)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: N/A "fixed before wheezy release"
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/netlink-fix-possible-spoofing-from-non-root-processe.patch]
-3.16-upstream-stable: N/A "fixed before 3.16"
-3.2-upstream-stable: released (3.2.30)
Deleted: active/CVE-2014-3184
===================================================================
--- active/CVE-2014-3184 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2014-3184 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,13 +0,0 @@
-Description:
-References:
- https://code.google.com/p/google-security-research/issues/detail?id=91
-Notes:
-Bugs:
-upstream: released (3.17-rc2) [4ab25786c87eb20857bbb715c3ae34ec8fd6a214]
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.16.2-2)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.63-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/hid-fix-a-couple-of-off-by-ones.patch]
-3.16-upstream-stable: released (3.16.2)
-3.2-upstream-stable: released (3.2.63)
Deleted: active/CVE-2014-9683
===================================================================
--- active/CVE-2014-9683 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2014-9683 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,12 +0,0 @@
-Description: ecryptfs 1-byte overwrite
-References:
-Notes:
-Bugs:
-upstream: released (v3.19-rc1) [942080643bce061c3dd9d5718d3b745dcb39a8bc]
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.16.7-ckt4-1)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.65-1+deb7u2)
-2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-.patch]
-3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable: released (3.2.67)
Deleted: active/CVE-2014-9728
===================================================================
--- active/CVE-2014-9728 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2014-9728 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,12 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (v3.19-rc3) [e159332b9af4b04d882dbcfe1bb0117f0a6d4b58, e237ec37ec154564f8690c5bd1795339955eeef9, a1d47b262952a45aae62bd49cfaf33dd76c11a2c]
-3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable: released (3.2.67)
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.16.7-ckt4-1)
-3.16-jessie-security: N/A
-3.2-wheezy-security: released (3.2.68-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-verify-i_size-when-loading-inode.patch, bugfix/all/udf-verify-symlink-size-before-loading-it.patch, bugfix/all/udf-check-component-length-before-reading-it.patch]
Deleted: active/CVE-2014-9729
===================================================================
--- active/CVE-2014-9729 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2014-9729 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,14 +0,0 @@
-Description:
-References:
-Notes:
- For the "iinfo->i_lenAlloc != inode->i_size" issue in
- https://marc.info/?l=oss-security&m=143335451223630&w=2
-Bugs:
-upstream: released (v3.19-rc3) [e159332b9af4b04d882dbcfe1bb0117f0a6d4b58]
-3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable: released (3.2.67)
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.16.7-ckt4-1)
-3.16-jessie-security: N/A
-3.2-wheezy-security: released (3.2.68-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-verify-i_size-when-loading-inode.patch]
Deleted: active/CVE-2014-9730
===================================================================
--- active/CVE-2014-9730 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2014-9730 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,15 +0,0 @@
-Description:
-References:
-Notes:
- For the "properly ignore component length for component types
- that do not use it" issue in:
- https://marc.info/?l=oss-security&m=143335451223630&w=2
-Bugs:
-upstream: released (v3.19-rc3) [e237ec37ec154564f8690c5bd1795339955eeef9]
-3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable: released (3.2.67)
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.16.7-ckt4-1)
-3.16-jessie-security: N/A
-3.2-wheezy-security: released (3.2.68-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-check-component-length-before-reading-it.patch]
Deleted: active/CVE-2014-9731
===================================================================
--- active/CVE-2014-9731 2015-07-20 14:53:40 UTC (rev 3863)
+++ active/CVE-2014-9731 2015-07-20 14:56:12 UTC (rev 3864)
@@ -1,12 +0,0 @@
-Description: udf: information leakage when reading symlink
-References:
-Notes:
-Bugs:
-upstream: released (v3.19-rc3) [0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14]
-3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable: released (3.2.67)
-2.6.32-upstream-stable: pending (2.6.32.68)
-sid: released (3.16.7-ckt4-1)
-3.16-jessie-security: N/A
-3.2-wheezy-security: released (3.2.68-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-check-path-length-when-reading-symlink.patch]
Copied: retired/CVE-2011-5321 (from rev 3863, active/CVE-2011-5321)
===================================================================
--- retired/CVE-2011-5321 (rev 0)
+++ retired/CVE-2011-5321 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,14 @@
+Description: tty: kobject reference leakage in tty_open
+References:
+ Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
+ Introduced by: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
+Notes:
+Bugs:
+upstream: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.2.1-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: N/A "Fixed before initial release"
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/tty-drop-driver-reference-in-tty_open-fail-path.patch]
+3.16-upstream-stable: N/A "Fixed before initial release"
+3.2-upstream-stable: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
Copied: retired/CVE-2012-6689 (from rev 3863, active/CVE-2012-6689)
===================================================================
--- retired/CVE-2012-6689 (rev 0)
+++ retired/CVE-2012-6689 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,12 @@
+Description: incorrect validation of netlink message origin allows attackers to spoof netlink messages
+References:
+Notes:
+Bugs:
+upstream: released (v3.6-rc5) [20e1db19db5d6b9e4e83021595eab0dc8f107bef]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.2.30-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: N/A "fixed before wheezy release"
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/netlink-fix-possible-spoofing-from-non-root-processe.patch]
+3.16-upstream-stable: N/A "fixed before 3.16"
+3.2-upstream-stable: released (3.2.30)
Copied: retired/CVE-2014-3184 (from rev 3863, active/CVE-2014-3184)
===================================================================
--- retired/CVE-2014-3184 (rev 0)
+++ retired/CVE-2014-3184 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://code.google.com/p/google-security-research/issues/detail?id=91
+Notes:
+Bugs:
+upstream: released (3.17-rc2) [4ab25786c87eb20857bbb715c3ae34ec8fd6a214]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.2-2)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.63-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/hid-fix-a-couple-of-off-by-ones.patch]
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)
Copied: retired/CVE-2014-9683 (from rev 3863, active/CVE-2014-9683)
===================================================================
--- retired/CVE-2014-9683 (rev 0)
+++ retired/CVE-2014-9683 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,12 @@
+Description: ecryptfs 1-byte overwrite
+References:
+Notes:
+Bugs:
+upstream: released (v3.19-rc1) [942080643bce061c3dd9d5718d3b745dcb39a8bc]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.65-1+deb7u2)
+2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-.patch]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
Copied: retired/CVE-2014-9728 (from rev 3863, active/CVE-2014-9728)
===================================================================
--- retired/CVE-2014-9728 (rev 0)
+++ retired/CVE-2014-9728 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,12 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (v3.19-rc3) [e159332b9af4b04d882dbcfe1bb0117f0a6d4b58, e237ec37ec154564f8690c5bd1795339955eeef9, a1d47b262952a45aae62bd49cfaf33dd76c11a2c]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-verify-i_size-when-loading-inode.patch, bugfix/all/udf-verify-symlink-size-before-loading-it.patch, bugfix/all/udf-check-component-length-before-reading-it.patch]
Copied: retired/CVE-2014-9729 (from rev 3863, active/CVE-2014-9729)
===================================================================
--- retired/CVE-2014-9729 (rev 0)
+++ retired/CVE-2014-9729 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,14 @@
+Description:
+References:
+Notes:
+ For the "iinfo->i_lenAlloc != inode->i_size" issue in
+ https://marc.info/?l=oss-security&m=143335451223630&w=2
+Bugs:
+upstream: released (v3.19-rc3) [e159332b9af4b04d882dbcfe1bb0117f0a6d4b58]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-verify-i_size-when-loading-inode.patch]
Copied: retired/CVE-2014-9730 (from rev 3863, active/CVE-2014-9730)
===================================================================
--- retired/CVE-2014-9730 (rev 0)
+++ retired/CVE-2014-9730 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,15 @@
+Description:
+References:
+Notes:
+ For the "properly ignore component length for component types
+ that do not use it" issue in:
+ https://marc.info/?l=oss-security&m=143335451223630&w=2
+Bugs:
+upstream: released (v3.19-rc3) [e237ec37ec154564f8690c5bd1795339955eeef9]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-check-component-length-before-reading-it.patch]
Copied: retired/CVE-2014-9731 (from rev 3863, active/CVE-2014-9731)
===================================================================
--- retired/CVE-2014-9731 (rev 0)
+++ retired/CVE-2014-9731 2015-07-20 14:56:12 UTC (rev 3864)
@@ -0,0 +1,12 @@
+Description: udf: information leakage when reading symlink
+References:
+Notes:
+Bugs:
+upstream: released (v3.19-rc3) [0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-check-path-length-when-reading-symlink.patch]
More information about the kernel-sec-discuss
mailing list