diff options
author | Ben Hutchings <benh@debian.org> | 2016-01-14 22:45:53 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2016-01-14 22:45:53 +0000 |
commit | 7e3933342996dbab974584a0ed9f1daa6d01e3a4 (patch) | |
tree | 36ed8b3f6776ba235eab46d5bd4bafed48b1dba5 /retired | |
parent | 3c4b155201ee6ff543ef3ed6964b18798b2df81d (diff) |
Retire various issues
All marked ignored, released or N/A for Debian
and ignored, released, pending or N/A for upstream.
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4090 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2013-7446 | 16 | ||||
-rw-r--r-- | retired/CVE-2015-7990 | 13 | ||||
-rw-r--r-- | retired/CVE-2015-8550 | 12 | ||||
-rw-r--r-- | retired/CVE-2015-8551 | 12 | ||||
-rw-r--r-- | retired/CVE-2015-8552 | 12 | ||||
-rw-r--r-- | retired/CVE-2015-8569 | 14 |
6 files changed, 79 insertions, 0 deletions
diff --git a/retired/CVE-2013-7446 b/retired/CVE-2013-7446 new file mode 100644 index 00000000..1c844811 --- /dev/null +++ b/retired/CVE-2013-7446 @@ -0,0 +1,16 @@ +Description: Unix sockets use after free - peer_wait_queue prematurely freed +References: + - https://bugzilla.redhat.com/show_bug.cgi?id=1282688 + - http://www.openwall.com/lists/oss-security/2015/11/18/9 + - https://patchwork.ozlabs.org/patch/547061/ +Notes: + bwh> Patch claims this was introduced by commit ec0d215f9420, i.e. Linux 2.6.26 +Bugs: +upstream: released (4.4-rc4) [7d267278a9ece963d77eefec61630223fce08c6c] +3.16-upstream-stable: released (3.16.7-ckt22) +3.2-upstream-stable: released (3.2.75) [unix-avoid-use-after-free-in-ep_remove_wait_queue.patch] +2.6.32-upstream-stable: pending (2.6.32.70) +sid: released (4.2.6-2) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch] +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch] +3.2-wheezy-security: released (3.2.73-2+deb7u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze17) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch] diff --git a/retired/CVE-2015-7990 b/retired/CVE-2015-7990 new file mode 100644 index 00000000..12f2f32c --- /dev/null +++ b/retired/CVE-2015-7990 @@ -0,0 +1,13 @@ +Description: Incomplete fix for CVE-2015-6937 +References: + https://lkml.org/lkml/2015/10/16/530 +Notes: +Bugs: +upstream: released (4.4-rc4) [8c7188b23474cca017b3ef354c4a58456f68303a] +3.16-upstream-stable: released (3.16.7-ckt22) +3.2-upstream-stable: released (3.2.75) [rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch] +2.6.32-upstream-stable: pending (2.6.32.70) +sid: released (4.2.6-1) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch] +3.16-jessie-security: released (3.16.7-ckt11-1+deb8u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch] +3.2-wheezy-security: released (3.2.68-1+deb7u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze17) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch] diff --git a/retired/CVE-2015-8550 b/retired/CVE-2015-8550 new file mode 100644 index 00000000..c579bfd4 --- /dev/null +++ b/retired/CVE-2015-8550 @@ -0,0 +1,12 @@ +Description: paravirtualized drivers incautious about shared memory contents +References: http://xenbits.xen.org/xsa/advisory-155.html +Notes: +Bugs: +upstream: released (4.4-rc6) [454d5d882c7e412b840e3c99010fe81a9862f6fb, 0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357, 68a33bfd8403e4e22847165d149823a2e0e67c9c, 1f13d75ccb806260079e0679d55d9253e370ec8a, 18779149101c0dd43ded43669ae2a92d21b6f9cb, be69746ec12f35b484707da505c6c76ff06f97dc, 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5] +3.16-upstream-stable: pending (3.16.7-ckt23) +3.2-upstream-stable: pending (3.2.76) [xen-add-ring_copy_request.patch, xen-netback-don-t-use-last-request-to-determine-minimum-tx-credit.patch, xen-netback-use-ring_copy_request-throughout.patch, xen-blkback-only-read-request-operation-from-shared-ring-once.patch, xen-pciback-save-xen_pci_op-commands-before-processing-it.patch#] +2.6.32-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch] +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch] +3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch] +2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS" diff --git a/retired/CVE-2015-8551 b/retired/CVE-2015-8551 new file mode 100644 index 00000000..d069c08c --- /dev/null +++ b/retired/CVE-2015-8551 @@ -0,0 +1,12 @@ +Description: Linux pciback missing sanity checks leading to crash +References: http://xenbits.xen.org/xsa/advisory-157.html +Notes: Same set of fixes as for CVE-2015-8552 +Bugs: +upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0] +3.16-upstream-stable: pending (3.16.7-ckt23) +3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch] +2.6.32-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch] +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch] +3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch] +2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS" diff --git a/retired/CVE-2015-8552 b/retired/CVE-2015-8552 new file mode 100644 index 00000000..51645e79 --- /dev/null +++ b/retired/CVE-2015-8552 @@ -0,0 +1,12 @@ +Description: Linux pciback missing sanity checks leading to crash +References: http://xenbits.xen.org/xsa/advisory-157.html +Notes: Same set of fixes as for CVE-2015-8551 +Bugs: +upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0] +3.16-upstream-stable: pending (3.16.7-ckt23) +3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch] +2.6.32-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch] +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch] +3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch] +2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS" diff --git a/retired/CVE-2015-8569 b/retired/CVE-2015-8569 new file mode 100644 index 00000000..96d238ea --- /dev/null +++ b/retired/CVE-2015-8569 @@ -0,0 +1,14 @@ +Description: information leak from pptp get{sock,peer}name +References: + - http://twitter.com/grsecurity/statuses/676744240802750464 + - https://lkml.org/lkml/2015/12/14/252 +Notes: +Bugs: +upstream: released (4.4-rc6) [09ccfd238e5a0e670d8178cf50180ea81ae09ae1] +3.16-upstream-stable: released (3.16.7-ckt22) +3.2-upstream-stable: released (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch] +2.6.32-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch] +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch] +3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch] +2.6.32-squeeze-security: N/A "Vulnerable code not present" |