summaryrefslogtreecommitdiffstats
path: root/retired
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2015-07-20 14:56:12 +0000
committerMoritz Muehlenhoff <jmm@debian.org>2015-07-20 14:56:12 +0000
commit226a2d82fa924f1e5ea68a6865c63c8df551c56b (patch)
tree5300a0111451b9377843d275916427eca3d8d08c /retired
parent85c7d7078187ff9756eaccf2944e00b710fab512 (diff)
retire issues only pending in 2.6.32.x (these releases only
happen rarely) git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3864 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r--retired/CVE-2011-532114
-rw-r--r--retired/CVE-2012-668912
-rw-r--r--retired/CVE-2014-318413
-rw-r--r--retired/CVE-2014-968312
-rw-r--r--retired/CVE-2014-972812
-rw-r--r--retired/CVE-2014-972914
-rw-r--r--retired/CVE-2014-973015
-rw-r--r--retired/CVE-2014-973112
8 files changed, 104 insertions, 0 deletions
diff --git a/retired/CVE-2011-5321 b/retired/CVE-2011-5321
new file mode 100644
index 00000000..c85f0c55
--- /dev/null
+++ b/retired/CVE-2011-5321
@@ -0,0 +1,14 @@
+Description: tty: kobject reference leakage in tty_open
+References:
+ Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
+ Introduced by: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
+Notes:
+Bugs:
+upstream: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.2.1-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: N/A "Fixed before initial release"
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/tty-drop-driver-reference-in-tty_open-fail-path.patch]
+3.16-upstream-stable: N/A "Fixed before initial release"
+3.2-upstream-stable: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
diff --git a/retired/CVE-2012-6689 b/retired/CVE-2012-6689
new file mode 100644
index 00000000..94ee6ccb
--- /dev/null
+++ b/retired/CVE-2012-6689
@@ -0,0 +1,12 @@
+Description: incorrect validation of netlink message origin allows attackers to spoof netlink messages
+References:
+Notes:
+Bugs:
+upstream: released (v3.6-rc5) [20e1db19db5d6b9e4e83021595eab0dc8f107bef]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.2.30-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: N/A "fixed before wheezy release"
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/netlink-fix-possible-spoofing-from-non-root-processe.patch]
+3.16-upstream-stable: N/A "fixed before 3.16"
+3.2-upstream-stable: released (3.2.30)
diff --git a/retired/CVE-2014-3184 b/retired/CVE-2014-3184
new file mode 100644
index 00000000..169965eb
--- /dev/null
+++ b/retired/CVE-2014-3184
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://code.google.com/p/google-security-research/issues/detail?id=91
+Notes:
+Bugs:
+upstream: released (3.17-rc2) [4ab25786c87eb20857bbb715c3ae34ec8fd6a214]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.2-2)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.63-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/hid-fix-a-couple-of-off-by-ones.patch]
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)
diff --git a/retired/CVE-2014-9683 b/retired/CVE-2014-9683
new file mode 100644
index 00000000..c401fa8c
--- /dev/null
+++ b/retired/CVE-2014-9683
@@ -0,0 +1,12 @@
+Description: ecryptfs 1-byte overwrite
+References:
+Notes:
+Bugs:
+upstream: released (v3.19-rc1) [942080643bce061c3dd9d5718d3b745dcb39a8bc]
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.65-1+deb7u2)
+2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-.patch]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
diff --git a/retired/CVE-2014-9728 b/retired/CVE-2014-9728
new file mode 100644
index 00000000..884d74cb
--- /dev/null
+++ b/retired/CVE-2014-9728
@@ -0,0 +1,12 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (v3.19-rc3) [e159332b9af4b04d882dbcfe1bb0117f0a6d4b58, e237ec37ec154564f8690c5bd1795339955eeef9, a1d47b262952a45aae62bd49cfaf33dd76c11a2c]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-verify-i_size-when-loading-inode.patch, bugfix/all/udf-verify-symlink-size-before-loading-it.patch, bugfix/all/udf-check-component-length-before-reading-it.patch]
diff --git a/retired/CVE-2014-9729 b/retired/CVE-2014-9729
new file mode 100644
index 00000000..97259305
--- /dev/null
+++ b/retired/CVE-2014-9729
@@ -0,0 +1,14 @@
+Description:
+References:
+Notes:
+ For the "iinfo->i_lenAlloc != inode->i_size" issue in
+ https://marc.info/?l=oss-security&m=143335451223630&w=2
+Bugs:
+upstream: released (v3.19-rc3) [e159332b9af4b04d882dbcfe1bb0117f0a6d4b58]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-verify-i_size-when-loading-inode.patch]
diff --git a/retired/CVE-2014-9730 b/retired/CVE-2014-9730
new file mode 100644
index 00000000..0605551e
--- /dev/null
+++ b/retired/CVE-2014-9730
@@ -0,0 +1,15 @@
+Description:
+References:
+Notes:
+ For the "properly ignore component length for component types
+ that do not use it" issue in:
+ https://marc.info/?l=oss-security&m=143335451223630&w=2
+Bugs:
+upstream: released (v3.19-rc3) [e237ec37ec154564f8690c5bd1795339955eeef9]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-check-component-length-before-reading-it.patch]
diff --git a/retired/CVE-2014-9731 b/retired/CVE-2014-9731
new file mode 100644
index 00000000..ac961bfd
--- /dev/null
+++ b/retired/CVE-2014-9731
@@ -0,0 +1,12 @@
+Description: udf: information leakage when reading symlink
+References:
+Notes:
+Bugs:
+upstream: released (v3.19-rc3) [0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14]
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67)
+2.6.32-upstream-stable: pending (2.6.32.68)
+sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: released (3.2.68-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze12) [bugfix/all/udf-check-path-length-when-reading-symlink.patch]

© 2014-2024 Faster IT GmbH | imprint | privacy policy