author | Ben Hutchings <benh@debian.org> | 2015-02-22 05:33:59 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2015-02-22 05:33:59 +0000 |
commit | a7f95fe1a6ae0594ec7764334184de5da6332b24 (patch) | |
tree | 85c5e6269aad07310113780c26d7a2ee76bf9959 /retired | |
parent | 310dda3466624d97541170f591140943bd41bad0 (diff) | |
Retire CVE-2014-9419, CVE-2014-9529
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3693 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2014-9419 | 17 | ||||
-rw-r--r-- | retired/CVE-2014-9529 | 12 |
2 files changed, 29 insertions, 0 deletions
diff --git a/retired/CVE-2014-9419 b/retired/CVE-2014-9419 new file mode 100644 index 00000000..e3608a89 --- /dev/null +++ b/retired/CVE-2014-9419 @@ -0,0 +1,17 @@ +Description: x86_64: userspace address leak +References: +Notes: + bwh> This depends on fixes to FPU state management that have not been + bwh> applied to 2.6.32.y. In order to fix it, we would need to either + bwh> pick only commit b3b0870ef3ff ("i387: do not preload FPU state at + bwh> task switch time") which will hurt FP performance, or backport a + bwh> large number of changes. I did prepare a backport but don't feel + bwh> confident enough to use it. +Bugs: +upstream: released (v3.19-rc1) [f647d7c155f069c1a068030255c300663516420e] +2.6.32-upstream-stable: ignored ("complete fix is too invasive to backport") +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch] +2.6.32-squeeze-security: ignored ("complete fix is too invasive to backport") +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.67) [x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch] diff --git a/retired/CVE-2014-9529 b/retired/CVE-2014-9529 new file mode 100644 index 00000000..1af3de1c --- /dev/null +++ b/retired/CVE-2014-9529 @@ -0,0 +1,12 @@ +Description: security/keys/gc.c race condition +References: + http://marc.info/?l=linux-kernel&m=141986398232547&w=2 +Notes: +Bugs: +upstream: released (3.19-rc4) [a3a8784454692dd72e5d5d34dcdab17b4420e74c] +2.6.32-upstream-stable: N/A "Vulnerable code not present" +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/all/keys-close-race-between-key-lookup-and-freeing.patch] +2.6.32-squeeze-security: N/A "Vulnerable code not present" +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.67) [keys-close-race-between-key-lookup-and-freeing.patch] |
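Review bot: In retired/CVE-2014-9419 the `References:` field is left empty, and the file is being retired while both 2.6.32 lines still read `ignored ("complete fix is too invasive to backport")`, so the bwh> note is the only record that the squeeze kernel stays affected. Consider adding at least one reference for the issue, as the CVE-2014-9529 file does, and stating in Notes that 2.6.32 remains unfixed by decision, so a later reader does not take "retired" to mean fixed on every branch. The description "x86_64: userspace address leak" could also name the mechanism that the patch file name already points to (TLS descriptor loading in switch_to), and the note cites commit b3b0870ef3ff by abbreviated hash while the `upstream:` line uses the full 40-character form.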
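Review bot: In retired/CVE-2014-9529 the two 2.6.32 lines use `N/A "Vulnerable code not present"` with a bare quoted reason, while the CVE-2014-9419 file in the same commit writes reasons as `ignored ("...")` in parentheses; anything that parses these status lines will see two different shapes. Suggest `N/A ("Vulnerable code not present")` on both lines. The `upstream:` line also gives the version as `3.19-rc4` where the other file uses the tag form `v3.19-rc1`; picking one form keeps the tracker greppable. `Notes:` and `Bugs:` are empty here, which is fine if nothing applies, but a one-line note on which code path is missing from 2.6.32 would back up the N/A status.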