Retire CVE-2013-7421/CVE-2014-9644 and CVE-2014-8559

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3698 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 13 insertions, 0 deletions

diff --git a/retired/CVE-2013-7421 b/retired/CVE-2013-7421
new file mode 100644
index 00000000..682dd209
--- /dev/null
+++ b/retired/CVE-2013-7421
@@ -0,0 +1,13 @@
+Description: crypto api unprivileged arbitrary module load
+References:
+Notes:
+ jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4
+ jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical
+Bugs:
+upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
+sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
+3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
+2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
+3.16-upstream-stable: released (3.16.7-ckt6)
+3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch]