author | Moritz Muehlenhoff <jmm@debian.org> | 2013-06-11 19:03:15 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2013-06-11 19:03:15 +0000 |
commit | 80031abfd7f10f35f770c17fa4b621029073f72d (patch) | |
tree | a094381bf394d8279c1173e13420f2b5cb6c2f42 /retired | |
parent | dd75b0cc7e820ddf9cf80e795107adae91d6bc8e (diff) |
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2985 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2013-1774 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-1792 | 12 | ||||
-rw-r--r-- | retired/CVE-2013-1796 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-1798 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-1826 | 11 | ||||
-rw-r--r-- | retired/CVE-2013-1860 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-1928 | 12 | ||||
-rw-r--r-- | retired/CVE-2013-2015 | 12 | ||||
-rw-r--r-- | retired/CVE-2013-2058 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-2634 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3222 | 11 | ||||
-rw-r--r-- | retired/CVE-2013-3223 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3224 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3225 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3228 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3229 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3231 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3234 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-3235 | 10 |
19 files changed, 198 insertions, 0 deletions
diff --git a/retired/CVE-2013-1774 b/retired/CVE-2013-1774
new file mode 100644
index 00000000..44902bd6
--- /dev/null
+++ b/retired/CVE-2013-1774
@@ -0,0 +1,10 @@
+Description: USB io_ti driver NULL pointer dereference in routine chase_port
+References:
+Notes:
+Bugs:
+upstream: released (3.8) [1ee0a224bc9aad1de496c795f96bc6ba2c394811]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.38-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/USB-io_ti-Fix-Null-dereference-in-chase-port.patch]
+3.2-upstream-stable: released (3.2.38) [7b4992729ddd232f6026c109f93d8296ca58b3ed]
+3.2-wheezy-security: released (3.2.39-1)
diff --git a/retired/CVE-2013-1792 b/retired/CVE-2013-1792
new file mode 100644
index 00000000..a990edb1
--- /dev/null
+++ b/retired/CVE-2013-1792
@@ -0,0 +1,12 @@
+Description: install_user_keyrings() race
+References:
+ http://lkml.org/lkml/2013/3/6/535
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [0da9dfdd2cd9889201bc6f6f43580c99165cd087]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/keys-fix-race-with-concurrent-install_user_keyrings.patch]
+3.2-upstream-stable: released (3.2.41) [keys-fix-race-with-concurrent-install_user_keyrings.patch]
+3.2-wheezy-security: released (3.2.41-1)
+
diff --git a/retired/CVE-2013-1796 b/retired/CVE-2013-1796
new file mode 100644
index 00000000..0fe516f6
--- /dev/null
+++ b/retired/CVE-2013-1796
@@ -0,0 +1,10 @@
+Description: buffer overflow in handling of MSR_KVM_SYSTEM_TIME
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [c300aa64ddf57d9c5d9c898a64b36877345dd4a9]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-2) [bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch, bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch]
+3.2-upstream-stable: released (3.2.44)
+3.2-wheezy-security: released (3.2.41-2)
diff --git a/retired/CVE-2013-1798 b/retired/CVE-2013-1798
new file mode 100644
index 00000000..8869187d
--- /dev/null
+++ b/retired/CVE-2013-1798
@@ -0,0 +1,10 @@
+Description: insufficient bounds checking in ioapic indirect register reads
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [a2c118bfab8bc6b8bb213abfc35201e441693d55]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-2) [bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch]
+3.2-upstream-stable: released (3.2.44)
+3.2-wheezy-security: released (3.2.41-2)
diff --git a/retired/CVE-2013-1826 b/retired/CVE-2013-1826
new file mode 100644
index 00000000..bdbfb280
--- /dev/null
+++ b/retired/CVE-2013-1826
@@ -0,0 +1,11 @@
+Description: xfrm_user: NULL pointer deref
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Notes:
+Bugs:
+upstream: released (3.6) [864745d291b5ba80ea0bd0edcbe67273de368836, c25463722509fef0ed630b271576a8c9a70236f3]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.32-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL.patch, bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL-2.patch]
+3.2-upstream-stable: released (3.2.31) [468bf9f70353872173b11b92dc15fe84d3dacbb4, 61819032c7d98c35d2f475032f3c9e30948feaf4]
+3.2-wheezy-security: released (3.2.32-1)
diff --git a/retired/CVE-2013-1860 b/retired/CVE-2013-1860
new file mode 100644
index 00000000..a62d85f3
--- /dev/null
+++ b/retired/CVE-2013-1860
@@ -0,0 +1,10 @@
+Description: usb: cdc-wdm buffer overflow triggered by device
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [c0f5ecee4e741667b2493c742b60b6218d40b3aa]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/USB-cdc-wdm-fix-buffer-overflow.patch]
+3.2-upstream-stable: released (3.2.41) [usb-cdc-wdm-fix-buffer-overflow.patch]
+3.2-wheezy-security: released (3.2.41-1)
diff --git a/retired/CVE-2013-1928 b/retired/CVE-2013-1928
new file mode 100644
index 00000000..402ac030
--- /dev/null
+++ b/retired/CVE-2013-1928
@@ -0,0 +1,12 @@
+Description:
+ fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
+References:
+ http://marc.info/?l=oss-security&m=136520688407674&w=2
+Notes:
+Bugs:
+upstream: released (3.7-rc3) [12176503366885edd542389eed3aaf94be163fdb]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.35-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/fs-compat_ioctl.c-VIDEO_SET_SPU_PALETTE-missing-erro.patch]
+3.2-upstream-stable: released (3.2.33) [5bbeedc3110bbb1b5c6b01fc1f027ab5d2eb40d6]
+3.2-wheezy-security: released (3.2.35-1)
diff --git a/retired/CVE-2013-2015 b/retired/CVE-2013-2015
new file mode 100644
index 00000000..87da0034
--- /dev/null
+++ b/retired/CVE-2013-2015
@@ -0,0 +1,12 @@
+Description: ext4: avoid hang when mounting non-journal filesystems with orphan list
+References:
+Notes:
+ raphael: FTR, I believe that this is the commit that introduced the ext4 issue: https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5
+ dannf> Verified that reproducer hangs on 2.6.32
+Bugs:
+upstream: released (3.8) [0e9a9a1ad619e7e987815d20262d36a2f95717ca]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8-1)
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
+3.2-upstream-stable:
diff --git a/retired/CVE-2013-2058 b/retired/CVE-2013-2058
new file mode 100644
index 00000000..ccf38e11
--- /dev/null
+++ b/retired/CVE-2013-2058
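Review bot: In retired/CVE-2013-2015 the last field, `3.2-upstream-stable:`, is left empty while every other branch line carries a status, so the entry is retired without recording whether 3.2.y stable ever received the fix. The wheezy line shows the fix carried as two Debian patches under `bugfix/all/`, which suggests (but does not prove) that it was not yet in 3.2 upstream stable at the time. I would fill the field before retiring, for example `3.2-upstream-stable: needed` or `3.2-upstream-stable: released (<VERSION>) [<COMMIT>]`, so anyone auditing a 3.2-based kernel can tell whether the mount hang is covered.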
@@ -0,0 +1,10 @@
+Description: inux kernel: chipidea: allow disabling streaming in host mode
+References:
+Notes:
+Bugs:
+upstream: released (3.8) [929473ea05db455ad88cdc081f2adc556b8dc48f]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.8-1)
+3.2-wheezy-security: N/A "Introduced in 3.5 with eb70e5ab8f95a81283623c03d2c99dfc59fcb319"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Introduced in 3.5 with eb70e5ab8f95a81283623c03d2c99dfc59fcb319"
diff --git a/retired/CVE-2013-2634 b/retired/CVE-2013-2634
new file mode 100644
index 00000000..066304c3
--- /dev/null
+++ b/retired/CVE-2013-2634
@@ -0,0 +1,10 @@
+Description: netlink info leaks
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [29cd8ae0e1a39e239a3a7b67da1986add1199fc0]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-1) [bugfix/all/dcbnl-fix-various-netlink-info-leaks.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/dcbnl-fix-various-netlink-info-leaks.patch]
+3.2-upstream-stable: released (3.2.42) [dcbnl-fix-various-netlink-info-leaks.patch]
+3.2-wheezy-security: released (3.2.41-1)
diff --git a/retired/CVE-2013-3222 b/retired/CVE-2013-3222
new file mode 100644
index 00000000..67496b1f
--- /dev/null
+++ b/retired/CVE-2013-3222
@@ -0,0 +1,11 @@
+Description: atm: info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [9b3e617f3df53822345a8573b6d358f6b9e5ed87]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [2a8c07b253bac436358adb9eb96a37dd223ef120]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
+
diff --git a/retired/CVE-2013-3223 b/retired/CVE-2013-3223
new file mode 100644
index 00000000..37713df3
--- /dev/null
+++ b/retired/CVE-2013-3223
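Review bot: The Description line of retired/CVE-2013-2058 reads `inux kernel: chipidea: allow disabling streaming in host mode`, with the leading `L` lost and a prefix none of the other entries use. It also repeats the subject of the fix rather than naming the problem, so a reader cannot tell from the entry what kind of issue the CVE covers. I would at least normalise it to `Description: chipidea: allow disabling streaming in host mode` and add a one-line impact statement under `Notes:`.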
@@ -0,0 +1,10 @@
+Description: ax25 info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [ef3313e84acbf349caecae942ab3ab731471f1a1]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [e72f86d5b6602c86efb08443c58086c40228b81b]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
diff --git a/retired/CVE-2013-3224 b/retired/CVE-2013-3224
new file mode 100644
index 00000000..2cccc4c8
--- /dev/null
+++ b/retired/CVE-2013-3224
@@ -0,0 +1,10 @@
+Description: bluetooth info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [4683f42fde3977bdb4e8a09622788cc8b5313778]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [95ee0fb7a014cdf80be37b329fa462ff3847f7c0]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
diff --git a/retired/CVE-2013-3225 b/retired/CVE-2013-3225
new file mode 100644
index 00000000..ea7a8748
--- /dev/null
+++ b/retired/CVE-2013-3225
@@ -0,0 +1,10 @@
+Description: bluetooth info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [e11e0455c0d7d3d62276a0c55d9dfbc16779d691]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
+3.2-upstream-stable: released (3.2.45) [bbad6f725f1d1b92e5eb3a7c6a8875eeec955747]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
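Review bot: retired/CVE-2013-3224 and retired/CVE-2013-3225 both carry the identical line `Description: bluetooth info leak`, so the two entries can only be told apart by reading their patch names. Judging from those names, the first concerns `bt_sock_recvmsg` and the second the RFCOMM receive path with a missing `msg_namelen` update. Descriptions such as `Description: Bluetooth: info leak in bt_sock_recvmsg` and `Description: Bluetooth: RFCOMM info leak (missing msg_namelen update)` would make searches and backport audits unambiguous.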
diff --git a/retired/CVE-2013-3228 b/retired/CVE-2013-3228
new file mode 100644
index 00000000..3899ef71
--- /dev/null
+++ b/retired/CVE-2013-3228
@@ -0,0 +1,10 @@
+Description: irda info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [5ae94c0d2f0bed41d6718be743985d61b7f5c47d]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
+3.2-upstream-stable: released (3.2.45) [402fb9f974f158d747e6c6944336cd9af7f349b2]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
diff --git a/retired/CVE-2013-3229 b/retired/CVE-2013-3229
new file mode 100644
index 00000000..3bcb2be1
--- /dev/null
+++ b/retired/CVE-2013-3229
@@ -0,0 +1,10 @@
+Description: iucv info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [a5598bd9c087dc0efc250a5221e5d0e6f584ee88]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
+3.2-upstream-stable: released (3.2.45) [40c157ba78681c45cc62dabde406b44ca3c76c2b]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
diff --git a/retired/CVE-2013-3231 b/retired/CVE-2013-3231
new file mode 100644
index 00000000..ad057684
--- /dev/null
+++ b/retired/CVE-2013-3231
@@ -0,0 +1,10 @@
+Description: llc info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [c77a4b9cffb6215a15196ec499490d116dfad181]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [d0dd0a3d5d31807eea0d54bd561cf178c45a24ca]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
diff --git a/retired/CVE-2013-3234 b/retired/CVE-2013-3234
new file mode 100644
index 00000000..1b239d27
--- /dev/null
+++ b/retired/CVE-2013-3234
@@ -0,0 +1,10 @@
+Description: ROSE info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [4a184233f21645cf0b719366210ed445d1024d72]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [f05503a9ef115c505b36fcd75f77b341811e9169]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
diff --git a/retired/CVE-2013-3235 b/retired/CVE-2013-3235
new file mode 100644
index 00000000..bb9f388c
--- /dev/null
+++ b/retired/CVE-2013-3235
@@ -0,0 +1,10 @@
+Description: tipc info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [60085c3d009b0df252547adb336d1ccca5ce52ec]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch]
+3.2-upstream-stable: released (3.2.45) [1ae38900523eaf11a77c73827c096d7e7eade3a4]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch] |