[kernel-sec-discuss] r3824 - active

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jun 10 09:08:24 UTC 2015 

Author: jmm
Date: 2015-06-10 09:08:24 +0000 (Wed, 10 Jun 2015)
New Revision: 3824

Added:
   active/CVE-2015-4001
   active/CVE-2015-4003
   active/CVE-2015-4004
Log:
three more ozspan issues


Added: active/CVE-2015-4001
===================================================================
--- active/CVE-2015-4001	                        (rev 0)
+++ active/CVE-2015-4001	2015-06-10 09:08:24 UTC (rev 3824)
@@ -0,0 +1,13 @@
+Description: ozwpan: Use unsigned ints to prevent heap overflow
+References:
+Notes:
+ jmm> unsupported staging driver
+Bugs:
+upstream: released (4.1-rc7) [b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c]
+3.16-upstream-stable:
+3.2-upstream-stable: N/A "Vulnerable code not present"
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid:
+3.16-jessie-security: 
+3.2-wheezy-security: N/A "Vulnerable code not present"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"

Added: active/CVE-2015-4003
===================================================================
--- active/CVE-2015-4003	                        (rev 0)
+++ active/CVE-2015-4003	2015-06-10 09:08:24 UTC (rev 3824)
@@ -0,0 +1,13 @@
+Description: ozwpan: divide-by-zero leading to panic
+References:
+Notes:
+ jmm> unsupported staging driver
+Bugs:
+upstream: released (4.1-rc7) [4bf464a5dfd9ade0dda918e44366c2c61fce80b]
+3.16-upstream-stable:
+3.2-upstream-stable: N/A "Vulnerable code not present"
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid:
+3.16-jessie-security: 
+3.2-wheezy-security: N/A "Vulnerable code not present"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"

Added: active/CVE-2015-4004
===================================================================
--- active/CVE-2015-4004	                        (rev 0)
+++ active/CVE-2015-4004	2015-06-10 09:08:24 UTC (rev 3824)
@@ -0,0 +1,13 @@
+Description: ozwpan: lack of a check for whether a length value (elt->length or len) was too small
+References:
+Notes:
+ jmm> unsupported staging driver
+Bugs:
+upstream:
+3.16-upstream-stable:
+3.2-upstream-stable: N/A "Vulnerable code not present"
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid:
+3.16-jessie-security: 
+3.2-wheezy-security: N/A "Vulnerable code not present"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"

More information about the kernel-sec-discuss mailing list