[kernel-sec-discuss] r3927 - active retired

Ben Hutchings benh at moszumanska.debian.org
Mon Sep 21 22:19:24 UTC 2015


Author: benh
Date: 2015-09-21 22:19:24 +0000 (Mon, 21 Sep 2015)
New Revision: 3927

Added:
   retired/CVE-2015-1805
   retired/CVE-2015-6252
Removed:
   active/CVE-2015-1805
   active/CVE-2015-6252
Log:
Retire CVE-2015-1805 and CVE-2015-6252, fixed on all branches

Deleted: active/CVE-2015-1805
===================================================================
--- active/CVE-2015-1805	2015-09-21 17:33:16 UTC (rev 3926)
+++ active/CVE-2015-1805	2015-09-21 22:19:24 UTC (rev 3927)
@@ -1,14 +0,0 @@
-Description: pipe: iovec overrun leading to memory corruption
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1202855
- http://www.openwall.com/lists/oss-security/2015/06/06/2  
-Notes:
-Bugs: 
-upstream: released (v3.16-rc1) [637b58c2887e5e57850865839cc75f59184b23d1, f0d1bec9d58d4c038d0ac958c9af82be6eb18045]
-3.2-upstream-stable: released (3.2.70) [pipe-iovec-fix-memory-corruption-when-retrying-atomic-copy-as-non-atomic.patch]
-3.16-jessie-security: N/A
-2.6.32-upstream-stable: needed
-sid: released (3.16.2-2)
-3.2-wheezy-security: released (3.2.68-1+deb7u2) [bugfix/all/pipe-iovec-fix-memory-corruption-when-retrying-atomi.patch]
-3.16-upstream-stable: N/A
-2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/pipe-iovec-fix-memory-corruption-when-retrying-atomi.patch]

Deleted: active/CVE-2015-6252
===================================================================
--- active/CVE-2015-6252	2015-09-21 17:33:16 UTC (rev 3926)
+++ active/CVE-2015-6252	2015-09-21 22:19:24 UTC (rev 3927)
@@ -1,13 +0,0 @@
-Description: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD
-References:
- - https://lkml.org/lkml/2015/8/10/375
-Notes:
-Bugs:
-upstream: released (4.2-rc5) [7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5]
-3.16-upstream-stable: released (3.16.7-ckt17)
-3.2-upstream-stable: released (3.2.71)
-2.6.32-upstream-stable: N/A ("Vulnerable code not present")
-sid: released (4.1.5-1)
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/vhost-actually-track-log-eventfd-file.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u4) [bugfix/all/vhost-actually-track-log-eventfd-file.patch]
-2.6.32-squeeze-security: N/A ("Vulnerable code not present")

Copied: retired/CVE-2015-1805 (from rev 3926, active/CVE-2015-1805)
===================================================================
--- retired/CVE-2015-1805	                        (rev 0)
+++ retired/CVE-2015-1805	2015-09-21 22:19:24 UTC (rev 3927)
@@ -0,0 +1,14 @@
+Description: pipe: iovec overrun leading to memory corruption
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1202855
+ http://www.openwall.com/lists/oss-security/2015/06/06/2  
+Notes:
+Bugs: 
+upstream: released (v3.16-rc1) [637b58c2887e5e57850865839cc75f59184b23d1, f0d1bec9d58d4c038d0ac958c9af82be6eb18045]
+3.2-upstream-stable: released (3.2.70) [pipe-iovec-fix-memory-corruption-when-retrying-atomic-copy-as-non-atomic.patch]
+3.16-jessie-security: N/A
+2.6.32-upstream-stable: released (2.6.32.68)
+sid: released (3.16.2-2)
+3.2-wheezy-security: released (3.2.68-1+deb7u2) [bugfix/all/pipe-iovec-fix-memory-corruption-when-retrying-atomi.patch]
+3.16-upstream-stable: N/A
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/pipe-iovec-fix-memory-corruption-when-retrying-atomi.patch]
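
Review bot: The `2.6.32-upstream-stable` line in this copy reads `released (2.6.32.68)`, while the source file at rev 3926 had `needed`, so this is not a pure copy. A status change is folded into the retirement; consider committing it as its own revision or mentioning it in the log, so the history shows when that branch was marked fixed. The new `released (2.6.32.68)` entry also has no patch or commit name in brackets, unlike the 3.2 line above it. The two `N/A` entries for 3.16 give no reason; since the upstream fix is listed as v3.16-rc1, a short quoted reason in the style used in CVE-2015-6252 would make that explicit.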

Copied: retired/CVE-2015-6252 (from rev 3926, active/CVE-2015-6252)
===================================================================
--- retired/CVE-2015-6252	                        (rev 0)
+++ retired/CVE-2015-6252	2015-09-21 22:19:24 UTC (rev 3927)
@@ -0,0 +1,13 @@
+Description: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD
+References:
+ - https://lkml.org/lkml/2015/8/10/375
+Notes:
+Bugs:
+upstream: released (4.2-rc5) [7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5]
+3.16-upstream-stable: released (3.16.7-ckt17)
+3.2-upstream-stable: released (3.2.71)
+2.6.32-upstream-stable: N/A ("Vulnerable code not present")
+sid: released (4.1.5-1)
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/vhost-actually-track-log-eventfd-file.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u4) [bugfix/all/vhost-actually-track-log-eventfd-file.patch]
+2.6.32-squeeze-security: N/A ("Vulnerable code not present")
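
Review bot: The References entry ` - https://lkml.org/lkml/2015/8/10/375` carries a list dash after the leading space, whereas the references in CVE-2015-1805 use a single leading space and no dash; pick one form so the continuation lines are consistent across tracker files. The upstream tag is written `4.2-rc5` here versus `v3.16-rc1` in the other file, and the `3.16-upstream-stable` and `3.2-upstream-stable` lines give no commit or patch name in brackets, unlike the jessie and wheezy lines. The Description also lacks a space after the colon in `linux kernel:fd leak`.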



