[kernel-sec-discuss] r5032 - active retired

Ben Hutchings benh at moszumanska.debian.org
Sun Mar 5 18:49:03 UTC 2017


Author: benh
Date: 2017-03-05 18:49:03 +0000 (Sun, 05 Mar 2017)
New Revision: 5032

Added:
   retired/CVE-2014-9900
Removed:
   active/CVE-2014-9900
Log:
Mark CVE-2014-9900 as ignored in all branches, and retire

Deleted: active/CVE-2014-9900
===================================================================
--- active/CVE-2014-9900	2017-03-04 10:46:52 UTC (rev 5031)
+++ active/CVE-2014-9900	2017-03-05 18:49:03 UTC (rev 5032)
@@ -1,15 +0,0 @@
-Description:
-References:
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900
- http://source.android.com/security/bulletin/2016-08-01.html
-Notes:
- jmm> Fixed in Android 3.10 kernel, but this is still unfixed in current mainline
-Bugs:
-upstream: needed
-4.9-upstream-stable: needed
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
-sid: needed
-3.16-jessie-security: needed
-3.2-wheezy-security: needed

Copied: retired/CVE-2014-9900 (from rev 5031, active/CVE-2014-9900)
===================================================================
--- retired/CVE-2014-9900	                        (rev 0)
+++ retired/CVE-2014-9900	2017-03-05 18:49:03 UTC (rev 5032)
@@ -0,0 +1,18 @@
+Description: Potential info-leak in ethtool_get_wol()
+References:
+ https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900
+ http://source.android.com/security/bulletin/2016-08-01.html
+ https://lkml.org/lkml/2016/8/23/314
+Notes:
+ jmm> Fixed in Android 3.10 kernel, but this is still unfixed in current mainline
+ bwh> This is compiler-dependent, and doesn't appear to have been demonstrated
+ bwh> as an actual leak (yet).
+Bugs:
+upstream: ignored "minor and as-yet theoretical issue"
+4.9-upstream-stable: ignored "upstream first"
+3.16-upstream-stable: ignored "upstream first"
+3.2-upstream-stable: ignored "upstream first"
+sid: ignored "minor and as-yet theoretical issue"
+3.16-jessie-security: ignored "minor and as-yet theoretical issue"
+3.2-wheezy-security: ignored "minor and as-yet theoretical issue
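
Review bot: the final added line, for 3.2-wheezy-security, opens the reason string with a double quote but never closes it, unlike the six status lines above it. Add the closing quote after "theoretical issue" so the reason is delimited the same way for every branch and anything that reads the status fields does not trip on the last one. The bwh> note also calls the leak compiler-dependent without saying which padding or struct layout is in question; a short pointer to the relevant part of the lkml thread in References would let a later reader re-check the "ignored" decision.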



