Retire CVE-2013-7348

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3291 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2014-04-03 23:54:49 +0000
committer: Ben Hutchings <benh@debian.org> 2014-04-03 23:54:49 +0000
commit: c512a89c1d6b81d1005cdd5604833bef87a93b2e (patch)
tree: 3da36224be19c78fe842e47b2a55beac7b0b7ea5 /retired/CVE-2013-7348
parent: 3726f80e12d9a1a9cc5d1a6a0bf977278f57de0a (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2013-7348 b/retired/CVE-2013-7348
new file mode 100644
index 00000000..48c3aa82
--- /dev/null
+++ b/retired/CVE-2013-7348
@@ -0,0 +1,16 @@
+Description: aio: prevent double free in ioctx_alloc
+References:
+Notes:
+ bwh> So far as I can see, this was introduced by commit e34ecee2ae79
+ bwh> "aio: Fix a trinity splat" and fixed by commit d558023207e0, both
+ bwh> of which went into 3.13-rc3 and 3.12.4.  So no releases appear to
+ bwh> be affected and this CVE is entirely bogus.
+ bwh> There was another regression caused by "aio: Fix a trinity splat",
+ bwh> fixed by commit 200067a3f3e7 "aio: fix kioctx leak ..."
+Bugs:
+upstream: N/A "vulnerable code not present"
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: N/A "vulnerable code not present"
+3.2-wheezy-security: N/A "vulnerable code not present"
+2.6.32-squeeze-security: N/A "vulnerable code not present"
+3.2-upstream-stable: N/A "vulnerable code not present"
author	Ben Hutchings <benh@debian.org>	2014-04-03 23:54:49 +0000
committer	Ben Hutchings <benh@debian.org>	2014-04-03 23:54:49 +0000
commit	c512a89c1d6b81d1005cdd5604833bef87a93b2e (patch)
tree	3da36224be19c78fe842e47b2a55beac7b0b7ea5 /retired/CVE-2013-7348
parent	3726f80e12d9a1a9cc5d1a6a0bf977278f57de0a (diff)