summaryrefslogtreecommitdiffstats
path: root/retired
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2013-06-11 19:03:15 +0000
committerMoritz Muehlenhoff <jmm@debian.org>2013-06-11 19:03:15 +0000
commit80031abfd7f10f35f770c17fa4b621029073f72d (patch)
treea094381bf394d8279c1173e13420f2b5cb6c2f42 /retired
parentdd75b0cc7e820ddf9cf80e795107adae91d6bc8e (diff)
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2985 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r--retired/CVE-2013-177410
-rw-r--r--retired/CVE-2013-179212
-rw-r--r--retired/CVE-2013-179610
-rw-r--r--retired/CVE-2013-179810
-rw-r--r--retired/CVE-2013-182611
-rw-r--r--retired/CVE-2013-186010
-rw-r--r--retired/CVE-2013-192812
-rw-r--r--retired/CVE-2013-201512
-rw-r--r--retired/CVE-2013-205810
-rw-r--r--retired/CVE-2013-263410
-rw-r--r--retired/CVE-2013-322211
-rw-r--r--retired/CVE-2013-322310
-rw-r--r--retired/CVE-2013-322410
-rw-r--r--retired/CVE-2013-322510
-rw-r--r--retired/CVE-2013-322810
-rw-r--r--retired/CVE-2013-322910
-rw-r--r--retired/CVE-2013-323110
-rw-r--r--retired/CVE-2013-323410
-rw-r--r--retired/CVE-2013-323510
19 files changed, 198 insertions, 0 deletions
diff --git a/retired/CVE-2013-1774 b/retired/CVE-2013-1774
new file mode 100644
index 00000000..44902bd6
--- /dev/null
+++ b/retired/CVE-2013-1774
@@ -0,0 +1,10 @@
+Description: USB io_ti driver NULL pointer dereference in routine chase_port
+References:
+Notes:
+Bugs:
+upstream: released (3.8) [1ee0a224bc9aad1de496c795f96bc6ba2c394811]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.38-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/USB-io_ti-Fix-Null-dereference-in-chase-port.patch]
+3.2-upstream-stable: released (3.2.38) [7b4992729ddd232f6026c109f93d8296ca58b3ed]
+3.2-wheezy-security: released (3.2.39-1)
diff --git a/retired/CVE-2013-1792 b/retired/CVE-2013-1792
new file mode 100644
index 00000000..a990edb1
--- /dev/null
+++ b/retired/CVE-2013-1792
@@ -0,0 +1,12 @@
+Description: install_user_keyrings() race
+References:
+ http://lkml.org/lkml/2013/3/6/535
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [0da9dfdd2cd9889201bc6f6f43580c99165cd087]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/keys-fix-race-with-concurrent-install_user_keyrings.patch]
+3.2-upstream-stable: released (3.2.41) [keys-fix-race-with-concurrent-install_user_keyrings.patch]
+3.2-wheezy-security: released (3.2.41-1)
+
diff --git a/retired/CVE-2013-1796 b/retired/CVE-2013-1796
new file mode 100644
index 00000000..0fe516f6
--- /dev/null
+++ b/retired/CVE-2013-1796
@@ -0,0 +1,10 @@
+Description: buffer overflow in handling of MSR_KVM_SYSTEM_TIME
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [c300aa64ddf57d9c5d9c898a64b36877345dd4a9]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-2) [bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch, bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch]
+3.2-upstream-stable: released (3.2.44)
+3.2-wheezy-security: released (3.2.41-2)
diff --git a/retired/CVE-2013-1798 b/retired/CVE-2013-1798
new file mode 100644
index 00000000..8869187d
--- /dev/null
+++ b/retired/CVE-2013-1798
@@ -0,0 +1,10 @@
+Description: insufficient bounds checking in ioapic indirect register reads
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [a2c118bfab8bc6b8bb213abfc35201e441693d55]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-2) [bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch]
+3.2-upstream-stable: released (3.2.44)
+3.2-wheezy-security: released (3.2.41-2)
diff --git a/retired/CVE-2013-1826 b/retired/CVE-2013-1826
new file mode 100644
index 00000000..bdbfb280
--- /dev/null
+++ b/retired/CVE-2013-1826
@@ -0,0 +1,11 @@
+Description: xfrm_user: NULL pointer deref
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Notes:
+Bugs:
+upstream: released (3.6) [864745d291b5ba80ea0bd0edcbe67273de368836, c25463722509fef0ed630b271576a8c9a70236f3]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.32-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL.patch, bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL-2.patch]
+3.2-upstream-stable: released (3.2.31) [468bf9f70353872173b11b92dc15fe84d3dacbb4, 61819032c7d98c35d2f475032f3c9e30948feaf4]
+3.2-wheezy-security: released (3.2.32-1)
diff --git a/retired/CVE-2013-1860 b/retired/CVE-2013-1860
new file mode 100644
index 00000000..a62d85f3
--- /dev/null
+++ b/retired/CVE-2013-1860
@@ -0,0 +1,10 @@
+Description: usb: cdc-wdm buffer overflow triggered by device
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [c0f5ecee4e741667b2493c742b60b6218d40b3aa]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/USB-cdc-wdm-fix-buffer-overflow.patch]
+3.2-upstream-stable: released (3.2.41) [usb-cdc-wdm-fix-buffer-overflow.patch]
+3.2-wheezy-security: released (3.2.41-1)
diff --git a/retired/CVE-2013-1928 b/retired/CVE-2013-1928
new file mode 100644
index 00000000..402ac030
--- /dev/null
+++ b/retired/CVE-2013-1928
@@ -0,0 +1,12 @@
+Description:
+ fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
+References:
+ http://marc.info/?l=oss-security&m=136520688407674&w=2
+Notes:
+Bugs:
+upstream: released (3.7-rc3) [12176503366885edd542389eed3aaf94be163fdb]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.35-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/fs-compat_ioctl.c-VIDEO_SET_SPU_PALETTE-missing-erro.patch]
+3.2-upstream-stable: released (3.2.33) [5bbeedc3110bbb1b5c6b01fc1f027ab5d2eb40d6]
+3.2-wheezy-security: released (3.2.35-1)
diff --git a/retired/CVE-2013-2015 b/retired/CVE-2013-2015
new file mode 100644
index 00000000..87da0034
--- /dev/null
+++ b/retired/CVE-2013-2015
@@ -0,0 +1,12 @@
+Description: ext4: avoid hang when mounting non-journal filesystems with orphan list
+References:
+Notes:
+ raphael: FTR, I believe that this is the commit that introduced the ext4 issue: https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5
+ dannf> Verified that reproducer hangs on 2.6.32
+Bugs:
+upstream: released (3.8) [0e9a9a1ad619e7e987815d20262d36a2f95717ca]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8-1)
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch, bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch]
+3.2-upstream-stable:
diff --git a/retired/CVE-2013-2058 b/retired/CVE-2013-2058
new file mode 100644
index 00000000..ccf38e11
--- /dev/null
+++ b/retired/CVE-2013-2058
@@ -0,0 +1,10 @@
+Description: inux kernel: chipidea: allow disabling streaming in host mode
+References:
+Notes:
+Bugs:
+upstream: released (3.8) [929473ea05db455ad88cdc081f2adc556b8dc48f]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.8-1)
+3.2-wheezy-security: N/A "Introduced in 3.5 with eb70e5ab8f95a81283623c03d2c99dfc59fcb319"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Introduced in 3.5 with eb70e5ab8f95a81283623c03d2c99dfc59fcb319"
diff --git a/retired/CVE-2013-2634 b/retired/CVE-2013-2634
new file mode 100644
index 00000000..066304c3
--- /dev/null
+++ b/retired/CVE-2013-2634
@@ -0,0 +1,10 @@
+Description: netlink info leaks
+References:
+Notes:
+Bugs:
+upstream: released (3.9-rc3) [29cd8ae0e1a39e239a3a7b67da1986add1199fc0]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.2.41-1) [bugfix/all/dcbnl-fix-various-netlink-info-leaks.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/dcbnl-fix-various-netlink-info-leaks.patch]
+3.2-upstream-stable: released (3.2.42) [dcbnl-fix-various-netlink-info-leaks.patch]
+3.2-wheezy-security: released (3.2.41-1)
diff --git a/retired/CVE-2013-3222 b/retired/CVE-2013-3222
new file mode 100644
index 00000000..67496b1f
--- /dev/null
+++ b/retired/CVE-2013-3222
@@ -0,0 +1,11 @@
+Description: atm: info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [9b3e617f3df53822345a8573b6d358f6b9e5ed87]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [2a8c07b253bac436358adb9eb96a37dd223ef120]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch]
+
diff --git a/retired/CVE-2013-3223 b/retired/CVE-2013-3223
new file mode 100644
index 00000000..37713df3
--- /dev/null
+++ b/retired/CVE-2013-3223
@@ -0,0 +1,10 @@
+Description: ax25 info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [ef3313e84acbf349caecae942ab3ab731471f1a1]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [e72f86d5b6602c86efb08443c58086c40228b81b]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch]
diff --git a/retired/CVE-2013-3224 b/retired/CVE-2013-3224
new file mode 100644
index 00000000..2cccc4c8
--- /dev/null
+++ b/retired/CVE-2013-3224
@@ -0,0 +1,10 @@
+Description: bluetooth info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [4683f42fde3977bdb4e8a09622788cc8b5313778]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [95ee0fb7a014cdf80be37b329fa462ff3847f7c0]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch]
diff --git a/retired/CVE-2013-3225 b/retired/CVE-2013-3225
new file mode 100644
index 00000000..ea7a8748
--- /dev/null
+++ b/retired/CVE-2013-3225
@@ -0,0 +1,10 @@
+Description: bluetooth info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [e11e0455c0d7d3d62276a0c55d9dfbc16779d691]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
+3.2-upstream-stable: released (3.2.45) [bbad6f725f1d1b92e5eb3a7c6a8875eeec955747]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch]
diff --git a/retired/CVE-2013-3228 b/retired/CVE-2013-3228
new file mode 100644
index 00000000..3899ef71
--- /dev/null
+++ b/retired/CVE-2013-3228
@@ -0,0 +1,10 @@
+Description: irda info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [5ae94c0d2f0bed41d6718be743985d61b7f5c47d]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
+3.2-upstream-stable: released (3.2.45) [402fb9f974f158d747e6c6944336cd9af7f349b2]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch]
diff --git a/retired/CVE-2013-3229 b/retired/CVE-2013-3229
new file mode 100644
index 00000000..3bcb2be1
--- /dev/null
+++ b/retired/CVE-2013-3229
@@ -0,0 +1,10 @@
+Description: iucv info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [a5598bd9c087dc0efc250a5221e5d0e6f584ee88]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
+3.2-upstream-stable: released (3.2.45) [40c157ba78681c45cc62dabde406b44ca3c76c2b]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch]
diff --git a/retired/CVE-2013-3231 b/retired/CVE-2013-3231
new file mode 100644
index 00000000..ad057684
--- /dev/null
+++ b/retired/CVE-2013-3231
@@ -0,0 +1,10 @@
+Description: llc info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [c77a4b9cffb6215a15196ec499490d116dfad181]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [d0dd0a3d5d31807eea0d54bd561cf178c45a24ca]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch]
diff --git a/retired/CVE-2013-3234 b/retired/CVE-2013-3234
new file mode 100644
index 00000000..1b239d27
--- /dev/null
+++ b/retired/CVE-2013-3234
@@ -0,0 +1,10 @@
+Description: ROSE info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [4a184233f21645cf0b719366210ed445d1024d72]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
+3.2-upstream-stable: released (3.2.45) [f05503a9ef115c505b36fcd75f77b341811e9169]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch]
diff --git a/retired/CVE-2013-3235 b/retired/CVE-2013-3235
new file mode 100644
index 00000000..bb9f388c
--- /dev/null
+++ b/retired/CVE-2013-3235
@@ -0,0 +1,10 @@
+Description: tipc info leak
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [60085c3d009b0df252547adb336d1ccca5ce52ec]
+2.6.32-upstream-stable: released (2.6.32.61)
+sid: released (3.8.11-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze2) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch]
+3.2-upstream-stable: released (3.2.45) [1ae38900523eaf11a77c73827c096d7e7eade3a4]
+3.2-wheezy-security: released (3.2.41-2+deb7u1) [bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch]

© 2014-2024 Faster IT GmbH | imprint | privacy policy