[kernel-sec-discuss] r4225 - active retired

Ben Hutchings benh at moszumanska.debian.org
Fri Mar 4 13:56:51 UTC 2016


Author: benh
Date: 2016-03-04 13:56:51 +0000 (Fri, 04 Mar 2016)
New Revision: 4225

Added:
   retired/CVE-2015-8812
   retired/CVE-2016-2384
Removed:
   active/CVE-2015-8812
   active/CVE-2016-2384
Log:
Mark two more issues pending for 2.6.32-upstream and retire them

Deleted: active/CVE-2015-8812
===================================================================
--- active/CVE-2015-8812	2016-03-04 13:51:36 UTC (rev 4224)
+++ active/CVE-2015-8812	2016-03-04 13:56:51 UTC (rev 4225)
@@ -1,14 +0,0 @@
-Description: Use-after-free in iw_cxgb3
-References: http://www.openwall.com/lists/oss-security/2016/02/11/1
-Notes:
- Introduced in 04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2).
- Partially fixed in 2.6.35 with 73a203d2014f50d874b9e40083ad481ca70408e8.
-Bugs:
-upstream: released (v4.5-rc1) [67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3]
-3.16-upstream-stable: released (3.16.7-ckt25)
-3.2-upstream-stable: released (3.2.78) [iw_cxgb3-fix-incorrectly-returning-error-on-success.patch]
-2.6.32-upstream-stable: needed
-sid: released (4.4.2-1) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/rdma-cxgb3-don-t-free-skbs-on-net_xmit_-indications-.patch, bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]

Deleted: active/CVE-2016-2384
===================================================================
--- active/CVE-2016-2384	2016-03-04 13:51:36 UTC (rev 4224)
+++ active/CVE-2016-2384	2016-03-04 13:56:51 UTC (rev 4225)
@@ -1,12 +0,0 @@
-Description: Double-free in snd-usbmidi-lib triggered by invalid USB descriptor
-References:
-Notes:
-Bugs:
-upstream: released (4.5-rc4) [07d86ca93db7e5cdf4743564d98292042ec21af7]
-3.16-upstream-stable: released (3.16.7-ckt25)
-3.2-upstream-stable: released (3.2.78) [alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-2.6.32-upstream-stable: needed
-sid: released (4.4.2-1) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]

Copied: retired/CVE-2015-8812 (from rev 4224, active/CVE-2015-8812)
===================================================================
--- retired/CVE-2015-8812	                        (rev 0)
+++ retired/CVE-2015-8812	2016-03-04 13:56:51 UTC (rev 4225)
@@ -0,0 +1,14 @@
+Description: Use-after-free in iw_cxgb3
+References: http://www.openwall.com/lists/oss-security/2016/02/11/1
+Notes:
+ Introduced in 04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2).
+ Partially fixed in 2.6.35 with 73a203d2014f50d874b9e40083ad481ca70408e8.
+Bugs:
+upstream: released (v4.5-rc1) [67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3]
+3.16-upstream-stable: released (3.16.7-ckt25)
+3.2-upstream-stable: released (3.2.78) [iw_cxgb3-fix-incorrectly-returning-error-on-success.patch]
+2.6.32-upstream-stable: pending (2.6.32.71)
+sid: released (4.4.2-1) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/rdma-cxgb3-don-t-free-skbs-on-net_xmit_-indications-.patch, bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
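
Review bot: The `2.6.32-upstream-stable: pending (2.6.32.71)` line names no patches, and this is the one branch where that matters. The Notes say the bug was only partially fixed in 2.6.35 by 73a203d2014f50d874b9e40083ad481ca70408e8, and the 2.6.32-squeeze-security line accordingly lists two patches (rdma-cxgb3-don-t-free-skbs-on-net_xmit_-indications-.patch plus the iw_cxgb3 fix) where every other branch lists one. Suggest recording in Notes that both changes are queued for 2.6.32.71. As the entry now sits under retired/ with a pending state, it also needs a follow-up to mark it released once 2.6.32.71 is out.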

Copied: retired/CVE-2016-2384 (from rev 4224, active/CVE-2016-2384)
===================================================================
--- retired/CVE-2016-2384	                        (rev 0)
+++ retired/CVE-2016-2384	2016-03-04 13:56:51 UTC (rev 4225)
@@ -0,0 +1,12 @@
+Description: Double-free in snd-usbmidi-lib triggered by invalid USB descriptor
+References:
+Notes:
+Bugs:
+upstream: released (4.5-rc4) [07d86ca93db7e5cdf4743564d98292042ec21af7]
+3.16-upstream-stable: released (3.16.7-ckt25)
+3.2-upstream-stable: released (3.2.78) [alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+2.6.32-upstream-stable: pending (2.6.32.71)
+sid: released (4.4.2-1) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
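
Review bot: `References:` and `Notes:` are still empty as this entry moves to retired/, so the retired record for the snd-usbmidi-lib double-free points to no advisory or discussion and is identified only by the upstream commit 07d86ca93db7e5cdf4743564d98292042ec21af7. Suggest filling in at least one reference before retiring, since retired entries are rarely revisited.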
