Mark CVE-2013-2546 as not affecting 2.6.32/squeeze, and retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2896 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2013-04-02 03:35:22 +0000
committer: Ben Hutchings <benh@debian.org> 2013-04-02 03:35:22 +0000
commit: 6bf196c7c16b9e01855b968f13aa09f5a166332c (patch)
tree: 7c118848c23b5e305e015b0297678b1a0e42eed2 /retired/CVE-2013-2546
parent: 41230469b1ede12cc2e30c27ddc63dc125287dd0 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/retired/CVE-2013-2546 b/retired/CVE-2013-2546
new file mode 100644
index 00000000..de54be23
--- /dev/null
+++ b/retired/CVE-2013-2546
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926 etc."
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926 etc."
+3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
author	Ben Hutchings <benh@debian.org>	2013-04-02 03:35:22 +0000
committer	Ben Hutchings <benh@debian.org>	2013-04-02 03:35:22 +0000
commit	6bf196c7c16b9e01855b968f13aa09f5a166332c (patch)
tree	7c118848c23b5e305e015b0297678b1a0e42eed2 /retired/CVE-2013-2546
parent	41230469b1ede12cc2e30c27ddc63dc125287dd0 (diff)