[kernel-sec-discuss] r3839 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jun 17 07:01:43 UTC 2015


Author: jmm
Date: 2015-06-17 07:01:43 +0000 (Wed, 17 Jun 2015)
New Revision: 3839

Added:
   retired/CVE-2014-8159
   retired/CVE-2015-2041
   retired/CVE-2015-2042
   retired/CVE-2015-2830
Removed:
   active/CVE-2014-8159
   active/CVE-2015-2041
   active/CVE-2015-2042
   active/CVE-2015-2830
Log:
retire


Deleted: active/CVE-2014-8159
===================================================================
--- active/CVE-2014-8159	2015-06-17 07:00:54 UTC (rev 3838)
+++ active/CVE-2014-8159	2015-06-17 07:01:43 UTC (rev 3839)
@@ -1,13 +0,0 @@
-Description: infiniband: uverbs: unprotected physical memory access
-References:
- https://marc.info/?l=oss-security&m=142672196502144&w=2
-Notes:
-Bugs:
-upstream: released (4.0) [8494057ab5e40df590ef6ef7d66324d3ae33356b]
-2.6.32-upstream-stable: released (2.6.32.66)
-sid: released (3.16.7-ckt9-1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
-3.16-upstream-stable: released (3.16.7-ckt10)
-3.2-upstream-stable: released (3.2.69) [ib-uverbs-prevent-integer-overflow-in-ib_umem_get-address-arithmetic.patch]

Deleted: active/CVE-2015-2041
===================================================================
--- active/CVE-2015-2041	2015-06-17 07:00:54 UTC (rev 3838)
+++ active/CVE-2015-2041	2015-06-17 07:01:43 UTC (rev 3839)
@@ -1,14 +0,0 @@
-Description: incorrect data type in llc2_timeout_table
-References:
-Notes:
- bwh> Bug introduced when sysctls were added in 2.6.14. Security impact
- bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
-Bugs:
-upstream: released (v3.19-rc7) [6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49]
-2.6.32-upstream-stable: released (2.6.32.66)
-sid: released (3.16.7-ckt9-1)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
-3.16-upstream-stable: released (3.16.7-ckt8)
-3.2-upstream-stable: released (3.2.69) [net-llc-use-correct-size-for-sysctl-timeout-entries.patch]

Deleted: active/CVE-2015-2042
===================================================================
--- active/CVE-2015-2042	2015-06-17 07:00:54 UTC (rev 3838)
+++ active/CVE-2015-2042	2015-06-17 07:01:43 UTC (rev 3839)
@@ -1,14 +0,0 @@
-Description: incorrect data type in rds_sysctl_rds_table
-References:
-Notes:
- bwh> Bug introduced when sysctls were added in 2.6.30. Security impact
- bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
-Bugs:
-upstream: released (v3.19) [db27ebb111e9f69efece08e4cb6a34ff980f8896]
-2.6.32-upstream-stable: released (2.6.32.66)
-sid: released (3.16.7-ckt9-1)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
-3.16-upstream-stable: released (3.16.7-ckt8)
-3.2-upstream-stable: released (3.2.69) [net-rds-use-correct-size-for-max-unacked-packets-and-bytes.patch]

Deleted: active/CVE-2015-2830
===================================================================
--- active/CVE-2015-2830	2015-06-17 07:00:54 UTC (rev 3838)
+++ active/CVE-2015-2830	2015-06-17 07:01:43 UTC (rev 3839)
@@ -1,12 +0,0 @@
-Description: mishandles int80 fork from 64-bit tasks
-References:
-Notes:
-Bugs:
-upstream: released (v4.0-rc3) [956421fbb74c3a6261903f3836c0740187cf038b]
-2.6.32-upstream-stable: released (2.6.32.66)
-sid: released (3.16.7-ckt9-1)
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch]
-3.16-upstream-stable: released (3.16.7-ckt9)
-3.2-upstream-stable: released (3.2.69) [x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch]

Copied: retired/CVE-2014-8159 (from rev 3838, active/CVE-2014-8159)
===================================================================
--- retired/CVE-2014-8159	                        (rev 0)
+++ retired/CVE-2014-8159	2015-06-17 07:01:43 UTC (rev 3839)
@@ -0,0 +1,13 @@
+Description: infiniband: uverbs: unprotected physical memory access
+References:
+ https://marc.info/?l=oss-security&m=142672196502144&w=2
+Notes:
+Bugs:
+upstream: released (4.0) [8494057ab5e40df590ef6ef7d66324d3ae33356b]
+2.6.32-upstream-stable: released (2.6.32.66)
+sid: released (3.16.7-ckt9-1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
+3.16-upstream-stable: released (3.16.7-ckt10)
+3.2-upstream-stable: released (3.2.69) [ib-uverbs-prevent-integer-overflow-in-ib_umem_get-address-arithmetic.patch]
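
Review bot: The upstream line gives the fixed version as "4.0", while the other files retired in this commit use the tag form ("v3.19-rc7", "v3.19", "v4.0-rc3"); use one notation so the field reads the same across the tracker. Separately, the Description speaks of unprotected physical memory access while every patch name listed refers to an integer overflow in ib_umem_get, and Notes: is empty; a one-line note tying the two together would make the retired entry readable without following the oss-security link.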

Copied: retired/CVE-2015-2041 (from rev 3838, active/CVE-2015-2041)
===================================================================
--- retired/CVE-2015-2041	                        (rev 0)
+++ retired/CVE-2015-2041	2015-06-17 07:01:43 UTC (rev 3839)
@@ -0,0 +1,14 @@
+Description: incorrect data type in llc2_timeout_table
+References:
+Notes:
+ bwh> Bug introduced when sysctls were added in 2.6.14. Security impact
+ bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
+Bugs:
+upstream: released (v3.19-rc7) [6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49]
+2.6.32-upstream-stable: released (2.6.32.66)
+sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
+3.16-upstream-stable: released (3.16.7-ckt8)
+3.2-upstream-stable: released (3.2.69) [net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
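
Review bot: References: is empty in this file even though the upstream line already carries a commit id, so the only explanation of the issue is the two-line bwh note. Since the file is being archived, add a pointer to the upstream commit or the advisory under References: so the "leaks 4 bytes of static data on 64-bit architectures" assessment can be checked later.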

Copied: retired/CVE-2015-2042 (from rev 3838, active/CVE-2015-2042)
===================================================================
--- retired/CVE-2015-2042	                        (rev 0)
+++ retired/CVE-2015-2042	2015-06-17 07:01:43 UTC (rev 3839)
@@ -0,0 +1,14 @@
+Description: incorrect data type in rds_sysctl_rds_table
+References:
+Notes:
+ bwh> Bug introduced when sysctls were added in 2.6.30. Security impact
+ bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
+Bugs:
+upstream: released (v3.19) [db27ebb111e9f69efece08e4cb6a34ff980f8896]
+2.6.32-upstream-stable: released (2.6.32.66)
+sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
+3.16-upstream-stable: released (3.16.7-ckt8)
+3.2-upstream-stable: released (3.2.69) [net-rds-use-correct-size-for-max-unacked-packets-and-bytes.patch]
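
Review bot: The patch name on the wheezy and squeeze lines ends in "...-max-unacked-packets-and.patch", which looks cut off next to the "...-and-bytes.patch" name on the 3.2-upstream-stable line. Confirm the shorter name is the file actually present under bugfix/all/ in those packages; if it is not, correct it before retiring, because the bracketed name is the only link from this entry to the shipped patch.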

Copied: retired/CVE-2015-2830 (from rev 3838, active/CVE-2015-2830)
===================================================================
--- retired/CVE-2015-2830	                        (rev 0)
+++ retired/CVE-2015-2830	2015-06-17 07:01:43 UTC (rev 3839)
@@ -0,0 +1,12 @@
+Description: mishandles int80 fork from 64-bit tasks
+References:
+Notes:
+Bugs:
+upstream: released (v4.0-rc3) [956421fbb74c3a6261903f3836c0740187cf038b]
+2.6.32-upstream-stable: released (2.6.32.66)
+sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch]
+3.16-upstream-stable: released (3.16.7-ckt9)
+3.2-upstream-stable: released (3.2.69) [x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch]
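
Review bot: Both References: and Notes: are empty here, and the Description ("mishandles int80 fork from 64-bit tasks") says nothing about impact, unlike CVE-2015-2041 and CVE-2015-2042 in this same commit, which carry a bwh impact note. Add a short note on the security impact and a reference before the entry moves to retired/, where it is less likely to be revisited.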



