author | Moritz Muehlenhoff <jmm@debian.org> | 2013-12-16 07:59:13 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2013-12-16 07:59:13 +0000 |
commit | 9f2c0e083ecb45f3cfdb10e476b2f6952116be03 (patch) | |
tree | c2e5cc8144ec677f00d9e46e07d96d271c5269be /retired | |
parent | 09e892ecf224c8ae091a9b3dc6e1aef821935e34 (diff) |
retire issues (these are submitted for 2.6.32.x, but progress
is very sluggish, no need to wait)
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3185 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2013-2164 | 12 | ||||
-rw-r--r-- | retired/CVE-2013-2206 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-2232 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-2234 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-2237 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-2852 | 10 | ||||
-rw-r--r-- | retired/CVE-2013-2888 | 13 | ||||
-rw-r--r-- | retired/CVE-2013-2892 | 11 |
8 files changed, 86 insertions, 0 deletions
diff --git a/retired/CVE-2013-2164 b/retired/CVE-2013-2164
new file mode 100644
index 00000000..adb35313
--- /dev/null
+++ b/retired/CVE-2013-2164
@@ -0,0 +1,12 @@
+Description: block information leak
+References:
+ http://www.openwall.com/lists/oss-security/2013/06/06/3
+ http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
+Notes:
+Bugs:
+upstream: released (3.11-rc1) [542db01579fbb7ea7d1f7bb9ddcef1559df660b2]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.8-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/drivers-cdrom-cdrom.c-use-kzalloc-for-failing-hardwa.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/cdrom-use-kzalloc-for-failing-hw.patch]
+3.2-upstream-stable: released (3.2.49)
diff --git a/retired/CVE-2013-2206 b/retired/CVE-2013-2206
new file mode 100644
index 00000000..57936fae
--- /dev/null
+++ b/retired/CVE-2013-2206
@@ -0,0 +1,10 @@
+Description: sctp: duplicate cookie handling NULL pointer dereference
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [f2815633504b442ca0b0605c16bf3d88a3a0fcea]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.4-1)
+3.2-wheezy-security: released (3.2.46-1
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/sctp-duplicate-cookie-handling-null-pointer-deref.patch]
+3.2-upstream-stable: released (3.2.42)
diff --git a/retired/CVE-2013-2232 b/retired/CVE-2013-2232
new file mode 100644
index 00000000..2ecbeae6
--- /dev/null
+++ b/retired/CVE-2013-2232
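Review bot: The References link in retired/CVE-2013-2164 pins a linux-next commit id (`050e4b8f…`) that does not match the hash recorded on the `upstream:` line (`542db015…`), so a reader cannot confirm from the entry alone that both identify the same drivers/cdrom/cdrom.c change. linux-next is rebuilt regularly, so that id may stop resolving; a mainline link for the hash on the `upstream:` line would be more durable. The description `block information leak` also does not name the affected code, and going by the reference path something like `Description: cdrom: information leak (drivers/cdrom/cdrom.c)` would be easier to search for.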
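Review bot: In retired/CVE-2013-2206 the `3.2-wheezy-security` line has an unclosed parenthesis, `released (3.2.46-1`, which a script reading the status field as `state (version) [patch]` is likely to mis-read or reject. It should read `3.2-wheezy-security: released (3.2.46-1)`. The other entries in this commit record `3.2.46-1+deb7u1` for wheezy, so it is worth confirming that the version string was not truncated along with the bracket. The `References:` field is empty as well, which leaves the upstream hash as the only pointer to the fix.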
@@ -0,0 +1,10 @@
+Description: ipv6: ip6_sk_dst_check() must not assume ipv6 dst
+References:
+Notes:
+Bugs:
+upstream: released (3.10) [a963a37d384d71ad43b3e9e79d68d42fbe0901f3]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.1-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/ipv6-ip6_sk_dst_check-must-not-assume-ipv6-dst.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/ipv6-ipv6_sk_dst_check_must-not-assume-ipv6-dst.patch]
+3.2-upstream-stable: released (3.2.50)
diff --git a/retired/CVE-2013-2234 b/retired/CVE-2013-2234
new file mode 100644
index 00000000..0d0b964b
--- /dev/null
+++ b/retired/CVE-2013-2234
@@ -0,0 +1,10 @@
+Description: af_key: fix info leaks in notify messages
+References:
+Notes:
+Bugs:
+upstream: released (3.10) [a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.1-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/af_key-fix-info-leaks-in-notify-messages.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/af_key-fix-info-leaks-in-notify-msgs.patch]
+3.2-upstream-stable: released (3.2.50)
diff --git a/retired/CVE-2013-2237 b/retired/CVE-2013-2237
new file mode 100644
index 00000000..62c0df35
--- /dev/null
+++ b/retired/CVE-2013-2237
@@ -0,0 +1,10 @@
+Description: another info leak in af_key
+References:
+Notes:
+Bugs:
+upstream: released (3.9) [85dfb745ee40232876663ae206cba35f24ab2a40]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.4-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/af_key-initialize-satype-in-key_notify_policy_flush.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/af_key-initialize-sa_type-in-key_notify_policy_flush.patch]
+3.2-upstream-stable: released (3.2.51)
diff --git a/retired/CVE-2013-2852 b/retired/CVE-2013-2852
new file mode 100644
index 00000000..135e5c76
--- /dev/null
+++ b/retired/CVE-2013-2852
@@ -0,0 +1,10 @@
+Description: b43: format string leaking into error msgs
+References:
+Notes:
+Bugs:
+upstream: released (3.10-rc6) [e0e29b683d6784ef59bbc914eac85a04b650e63c]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.9.8-1)
+3.2-wheezy-security: released (3.2.46-1+deb7u1) [bugfix/all/b43-stop-format-string-leaking-into-error-msgs.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/b43-stop-formatstring-leak.patch]
+3.2-upstream-stable: released (3.2.47)
diff --git a/retired/CVE-2013-2888 b/retired/CVE-2013-2888
new file mode 100644
index 00000000..78b55b72
--- /dev/null
+++ b/retired/CVE-2013-2888
@@ -0,0 +1,13 @@
+Description: HID arbitrary heap write
+References:
+ http://marc.info/?l=linux-input&m=137772180514608&w=1
+Notes:
+ in addion Kees recommends the followin defensive patch:
+ http://marc.info/?t=137772196600012&r=1&w=1
+Bugs:
+upstream: released (3.12-rc1) [43622021d2e2b82ea03d883926605bdd0525e1d1, be67b68d52fa28b9b721c47bb42068f0c1214855]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.11-1)
+3.2-wheezy-security: released (3.2.51-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/hid-check-for-null-when-setting-values.patch, bugfix/all/hid-validate-report-id-size.patch]
+3.2-upstream-stable: released (3.2.52)
\ No newline at end of file
diff --git a/retired/CVE-2013-2892 b/retired/CVE-2013-2892
new file mode 100644
index 00000000..4802d868
--- /dev/null
+++ b/retired/CVE-2013-2892
@@ -0,0 +1,11 @@
+Description: pantherlord local DoS through zeroing out too much
+References:
+ http://marc.info/?l=linux-input&m=137772185414625&w=1
+Notes:
+Bugs:
+upstream: released (3.12-rc1) [412f30105ec6735224535791eed5cdc02888ecb4]
+2.6.32-upstream-stable: pending (2.6.32.62)
+sid: released (3.10.11-1)
+3.2-wheezy-security: released (3.2.51-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze4) [bugfix/all/HID-pantherlord-validate-output-report-details.patch]
+3.2-upstream-stable: released (3.2.52) |
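Review bot: In retired/CVE-2013-2888 the `3.2-wheezy-security` line records `released (3.2.51-1)` with no patch name, while `3.2-upstream-stable` says the fix only landed in 3.2.52, so the entry does not show which backport put the fix into the Debian package. retired/CVE-2013-2892 has the same gap. If 3.2.51-1 carried Debian patches, naming them in brackets as the squeeze line does would make the record auditable. The Notes also mention a defensive patch recommended by Kees without recording whether any branch carries it, which is worth stating before the issue is retired. The wording should read ` in addition Kees recommends the following defensive patch:`, and the file is missing its trailing newline.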