diff options
| author | Ben Hutchings <benh@debian.org> | 2013-04-02 03:39:39 +0000 |
|---|---|---|
| committer | Ben Hutchings <benh@debian.org> | 2013-04-02 03:39:39 +0000 |
| commit | 6d52a0c7e9d7fc4dd291d107700d13b95d5ed26e (patch) | |
| tree | 19fcaf10cfa85626fc3e5f71613c4ce956fa7d4f /retired/CVE-2013-2547 | |
| parent | 6bf196c7c16b9e01855b968f13aa09f5a166332c (diff) | |
Mark CVE-2013-254{7,8} as not affecting 2.6.32/squeeze, and retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2897 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2013-2547')
| -rw-r--r-- | retired/CVE-2013-2547 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/retired/CVE-2013-2547 b/retired/CVE-2013-2547 new file mode 100644 index 00000000..aa463650 --- /dev/null +++ b/retired/CVE-2013-2547 @@ -0,0 +1,12 @@ +References: + http://seclists.org/oss-sec/2013/q1/598 +Description: information leak in crypto API +Notes: + jmm> This ID is about + jmm> crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. +Bugs: +upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6] +2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926" +sid: released (3.2.41-1) +2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926" +3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch] |