[kernel-sec-discuss] r4014 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Nov 19 14:26:18 UTC 2015


Author: jmm
Date: 2015-11-19 14:26:18 +0000 (Thu, 19 Nov 2015)
New Revision: 4014

Added:
   retired/CVE-2015-7872
   retired/CVE-2015-8019
Removed:
   active/CVE-2015-7872
   active/CVE-2015-8019
Log:
retire


Deleted: active/CVE-2015-7872
===================================================================
--- active/CVE-2015-7872	2015-11-19 14:25:26 UTC (rev 4013)
+++ active/CVE-2015-7872	2015-11-19 14:26:18 UTC (rev 4014)
@@ -1,15 +0,0 @@
-Description: crash when attempt to garbage collect an uninstantiated keyring
-References:
-Notes:
- Introduced by fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c
-Bugs:
- https://bugzilla.redhat.com/show_bug.cgi?id=1272371
- https://bugzilla.redhat.com/show_bug.cgi?id=1272172
-upstream: released (v4.3-rc7) [f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61]
-3.16-upstream-stable: released (3.16.7-ckt19)
-3.2-upstream-stable: released (3.2.73) [keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated.patch]
-2.6.32-upstream-stable: N/A "vulnerable code not present"
-sid: released (4.2.5-1) [bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch]
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u6) [bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u6) [bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch]
-2.6.32-squeeze-security: N/A "vulnerable code not present"

Deleted: active/CVE-2015-8019
===================================================================
--- active/CVE-2015-8019	2015-11-19 14:25:26 UTC (rev 4013)
+++ active/CVE-2015-8019	2015-11-19 14:26:18 UTC (rev 4014)
@@ -1,19 +0,0 @@
-Description: Buffer overflow when copying data from skbuff to userspace
-References:
- http://www.openwall.com/lists/oss-security/2015/10/27/11
- http://patchwork.ozlabs.org/patch/530642/
-Notes:
- For all stable kernels before v3.19 which have backported commit
- 89c22d8c3b27 ("net: Fix skb csum races when peeking") but are lacking
- the ioviter conversion.
- .
- Only 3.16.7-ckt17-1 (jessie-p-u) is still affected and needs to be updated.
-Bugs:
-upstream: N/A "Vulnerable code not present"
-3.16-upstream-stable: released (v3.16.7-ckt19) [fa89ae5548ed282f0ceb4660b3b93e4e2ee875f3]
-3.2-upstream-stable: released (3.2.73) [net-add-length-argument-to-skb_copy_and_csum_datagram_iovec.patch]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: N/A "Vulnerable code not present"
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"
-2.6.32-squeeze-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2015-7872 (from rev 4013, active/CVE-2015-7872)
===================================================================
--- retired/CVE-2015-7872	                        (rev 0)
+++ retired/CVE-2015-7872	2015-11-19 14:26:18 UTC (rev 4014)
@@ -0,0 +1,15 @@
+Description: crash when attempt to garbage collect an uninstantiated keyring
+References:
+Notes:
+ Introduced by fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1272371
+ https://bugzilla.redhat.com/show_bug.cgi?id=1272172
+upstream: released (v4.3-rc7) [f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61]
+3.16-upstream-stable: released (3.16.7-ckt19)
+3.2-upstream-stable: released (3.2.73) [keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated.patch]
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: released (4.2.5-1) [bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u6) [bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u6) [bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch]
+2.6.32-squeeze-security: N/A "vulnerable code not present"
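
Review bot: The 3.16-upstream-stable line in the retired CVE-2015-7872 file records only the version, "released (3.16.7-ckt19)", with no commit id or patch name in brackets, while the upstream and 3.2-upstream-stable lines each carry one. Consider adding the stable commit reference before retiring, so the backport can be traced from the retired file. The References: field is also empty; the only pointers to the issue are the two Red Hat Bugzilla entries under Bugs:.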

Copied: retired/CVE-2015-8019 (from rev 4013, active/CVE-2015-8019)
===================================================================
--- retired/CVE-2015-8019	                        (rev 0)
+++ retired/CVE-2015-8019	2015-11-19 14:26:18 UTC (rev 4014)
@@ -0,0 +1,19 @@
+Description: Buffer overflow when copying data from skbuff to userspace
+References:
+ http://www.openwall.com/lists/oss-security/2015/10/27/11
+ http://patchwork.ozlabs.org/patch/530642/
+Notes:
+ For all stable kernels before v3.19 which have backported commit
+ 89c22d8c3b27 ("net: Fix skb csum races when peeking") but are lacking
+ the ioviter conversion.
+ .
+ Only 3.16.7-ckt17-1 (jessie-p-u) is still affected and needs to be updated.
+Bugs:
+upstream: N/A "Vulnerable code not present"
+3.16-upstream-stable: released (v3.16.7-ckt19) [fa89ae5548ed282f0ceb4660b3b93e4e2ee875f3]
+3.2-upstream-stable: released (3.2.73) [net-add-length-argument-to-skb_copy_and_csum_datagram_iovec.patch]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
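
Review bot: The Notes: block in the retired CVE-2015-8019 file still says "Only 3.16.7-ckt17-1 (jessie-p-u) is still affected and needs to be updated", yet the issue is being retired with 3.16-jessie-security marked N/A and no line recording the version that resolved it for jessie-p-u. Either reword the note to name the fixed upload or keep the file in active/ until that is recorded. Two smaller points in the same hunk: "ioviter" in the note reads like a typo for iov_iter, and the 3.16-upstream-stable version is written "v3.16.7-ckt19" here but "3.16.7-ckt19" in CVE-2015-7872.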



