r4432 - people/micah

Thu Oct 13 02:41:17 UTC 2005

Author: dannf
Date: 2005-10-13 02:41:17 +0000 (Thu, 13 Oct 2005)
New Revision: 4432

Modified:
   people/micah/pending_CVE_requests
Log:
add draft cve text & an additional url for sys_get_thread_area-leak.dpatch

Modified: people/micah/pending_CVE_requests
===================================================================

--- people/micah/pending_CVE_requests	2005-10-13 02:16:21 UTC (rev 4431)
+++ people/micah/pending_CVE_requests	2005-10-13 02:41:17 UTC (rev 4432)
@@ -96,8 +96,12 @@
 URL: http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.35?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_conntrack_core.c
 
 * sys_get_thread_area-leak.dpatch
-TODO: CVE text
 URL: http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
+URL: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
+URL: http://lkml.org/lkml/2005/8/3/36
+Draft CVE Text:
+sys_get_thread_area() in Linux 2.6 kernels prior to 2.6.12.4 and 2.6.13 does not entirely clear a user_desc
+structure before copying it to userspace, resulting in a small information leak.
 
 * fs_ext2_ext3_xattr-sharing.dpatch
     [Security] Xattr sharing bug


