diff options
author | Ben Hutchings <benh@debian.org> | 2013-04-02 03:39:39 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2013-04-02 03:39:39 +0000 |
commit | 6d52a0c7e9d7fc4dd291d107700d13b95d5ed26e (patch) | |
tree | 19fcaf10cfa85626fc3e5f71613c4ce956fa7d4f /retired | |
parent | 6bf196c7c16b9e01855b968f13aa09f5a166332c (diff) |
Mark CVE-2013-254{7,8} as not affecting 2.6.32/squeeze, and retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2897 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2013-2547 | 12 | ||||
-rw-r--r-- | retired/CVE-2013-2548 | 12 |
2 files changed, 24 insertions, 0 deletions
diff --git a/retired/CVE-2013-2547 b/retired/CVE-2013-2547 new file mode 100644 index 000000000..aa463650a --- /dev/null +++ b/retired/CVE-2013-2547 @@ -0,0 +1,12 @@ +References: + http://seclists.org/oss-sec/2013/q1/598 +Description: information leak in crypto API +Notes: + jmm> This ID is about + jmm> crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. +Bugs: +upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6] +2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926" +sid: released (3.2.41-1) +2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926" +3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch] diff --git a/retired/CVE-2013-2548 b/retired/CVE-2013-2548 new file mode 100644 index 000000000..a1b15a2d5 --- /dev/null +++ b/retired/CVE-2013-2548 @@ -0,0 +1,12 @@ +References: + http://seclists.org/oss-sec/2013/q1/598 +Description: information leak in crypto API +Notes: + jmm> This ID is about + jmm> For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME. +Bugs: +upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6] +2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926" +sid: released (3.2.41-1) +2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926" +3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
\ No newline at end of file |