diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2014-07-14 10:16:14 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2014-07-14 10:16:14 +0000 |
commit | 62a92f5f266664476bac215626961ab647075056 (patch) | |
tree | 27f05669d005f5a7457e2e1a54710427a0a922d4 /retired | |
parent | fc1e12a588f67532c94cb9c2ef71c2f53efb4911 (diff) |
retire issues which have been submitted to 2.6.32.x LTS and which are fixed in
all other suites, 2.6.32.x releases at much slower pace, no need to wait here
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3442 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2014-0203 | 10 | ||||
-rw-r--r-- | retired/CVE-2014-2678 | 11 | ||||
-rw-r--r-- | retired/CVE-2014-3122 | 10 | ||||
-rw-r--r-- | retired/CVE-2014-3144 | 14 | ||||
-rw-r--r-- | retired/CVE-2014-3145 | 11 | ||||
-rw-r--r-- | retired/CVE-2014-4656 | 10 |
6 files changed, 66 insertions, 0 deletions
diff --git a/retired/CVE-2014-0203 b/retired/CVE-2014-0203 new file mode 100644 index 00000000..efd29d55 --- /dev/null +++ b/retired/CVE-2014-0203 @@ -0,0 +1,10 @@ +Description: SLAB corruption in do_filp_open() +References: +Notes: +Bugs: +upstream: released (2.6.33-rc4) [86acdca1b63e6890540fa19495cfc708beff3d8b] +2.6.32-upstream-stable: pending (2.6.32.64) +sid: released (2.6.33-1~experimental.5) +3.2-wheezy-security: N/A +2.6.32-squeeze-security: released (2.6.32-48squeeze8) +3.2-upstream-stable: N/A diff --git a/retired/CVE-2014-2678 b/retired/CVE-2014-2678 new file mode 100644 index 00000000..9b7d5ec7 --- /dev/null +++ b/retired/CVE-2014-2678 @@ -0,0 +1,11 @@ +Description: rds: prevent dereference of a NULL device in rds_iw_laddr_check +References: + https://lkml.org/lkml/2014/3/29/188 +Notes: +Bugs: +upstream: released (3.15-rc1) [bf39b4247b8799935ea91d90db250ab608a58e50] +2.6.32-upstream-stable: pending (2.6.32.64) +sid: released (3.13.10-1) +3.2-wheezy-security: released (3.2.57-1) [bugfix/all/rds-prevent-dereference-of-a-null-device-in-rds_iw_laddr_check.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze8) +3.2-upstream-stable: released (3.2.58) [rds-prevent-dereference-of-a-null-device-in-rds_iw_laddr_check.patch] diff --git a/retired/CVE-2014-3122 b/retired/CVE-2014-3122 new file mode 100644 index 00000000..f6563ff0 --- /dev/null +++ b/retired/CVE-2014-3122 @@ -0,0 +1,10 @@ +Description: DoS in memory management +References: +Notes: +Bugs: 747326 +upstream: released (3.15-rc1) [57e68e9cd65b4b8eb4045a1e0d0746458502554c] +2.6.32-upstream-stable: pending (2.6.32.64) +sid: released (3.14.4-1) +3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/mm-try_to_unmap_cluster-should-lock_page-before-mloc.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze8) +3.2-upstream-stable: released (3.2.58) diff --git a/retired/CVE-2014-3144 b/retired/CVE-2014-3144 new file mode 100644 index 00000000..015d0976 --- /dev/null +++ b/retired/CVE-2014-3144 @@ -0,0 +1,14 @@ +Description: The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check for a minimal message length +References: + http://www.openwall.com/lists/oss-security/2014/05/09/5 +Notes: + Thought to be fixed in 3.14.4-1 by patch + bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch, + but two hunks are applied in the same place so the bug is only half-fixed. +Bugs: +upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3] +2.6.32-upstream-stable: pending (2.6.32.64) +sid: released (3.14.5-1) +3.2-wheezy-security: released (3.2.57-3+deb7u2) [bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze8) +3.2-upstream-stable: released (3.2.60) diff --git a/retired/CVE-2014-3145 b/retired/CVE-2014-3145 new file mode 100644 index 00000000..2ad3ccdf --- /dev/null +++ b/retired/CVE-2014-3145 @@ -0,0 +1,11 @@ +Description: The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is also wrong. It has the minuend and subtrahend mixed up +References: + http://www.openwall.com/lists/oss-security/2014/05/09/5 +Notes: +Bugs: +upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3] +2.6.32-upstream-stable: pending (2.6.32.64) +sid: released (3.14.4-1) [bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch] +3.2-wheezy-security: released (3.2.57-3+deb7u2) [bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze8) +3.2-upstream-stable: released (3.2.60) diff --git a/retired/CVE-2014-4656 b/retired/CVE-2014-4656 new file mode 100644 index 00000000..eb4fb0e0 --- /dev/null +++ b/retired/CVE-2014-4656 @@ -0,0 +1,10 @@ +Description: ALSA user controls integer overflows +References: +Notes: +Bugs: +upstream: released (3.16-rc2) [883a1d49f0d77d30012f114b2e19fc141beb3e8e, ac902c112d90a89e59916f751c2745f4dbdbb4bd] +2.6.32-upstream-stable: pending (2.6.32.64) +sid: released (3.14.9-1) +3.2-wheezy-security: released (3.2.60-1) [bugfix/all/ALSA-control-Make-sure-that-id-index-does-not-overfl.patch, bugfix/all/ALSA-control-Handle-numid-overflow.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze8) +3.2-upstream-stable: released (3.2.61) [alsa-control-make-sure-that-id-index-does-not-overflow.patch, alsa-control-handle-numid-overflow.patch] |