diff options
author | Ben Hutchings <benh@debian.org> | 2013-04-02 03:35:22 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2013-04-02 03:35:22 +0000 |
commit | 6bf196c7c16b9e01855b968f13aa09f5a166332c (patch) | |
tree | 7c118848c23b5e305e015b0297678b1a0e42eed2 /retired/CVE-2013-2546 | |
parent | 41230469b1ede12cc2e30c27ddc63dc125287dd0 (diff) |
Mark CVE-2013-2546 as not affecting 2.6.32/squeeze, and retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2896 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2013-2546')
-rw-r--r-- | retired/CVE-2013-2546 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/retired/CVE-2013-2546 b/retired/CVE-2013-2546 new file mode 100644 index 00000000..de54be23 --- /dev/null +++ b/retired/CVE-2013-2546 @@ -0,0 +1,12 @@ +References: + http://seclists.org/oss-sec/2013/q1/598 +Description: information leak in crypto API +Notes: + jmm> This ID is about + jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this. +Bugs: +upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6] +2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926 etc." +sid: released (3.2.41-1) +2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926 etc." +3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch] |