diff options
| author | Ben Hutchings <benh@debian.org> | 2012-03-12 03:20:33 +0000 |
|---|---|---|
| committer | Ben Hutchings <benh@debian.org> | 2012-03-12 03:20:33 +0000 |
| commit | b155550145bc7b5fd0a2a367e23686e11813c2a2 (patch) | |
| tree | 60d6bdf11058df9d658f45e5b174f9c6e2e1cc1a /retired | |
| parent | c001cacda615a2d498a52c9f095b5bf99af3d1e5 (diff) | |
Retire issues marked as N/A, released or ignored in all branches
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2637 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
| -rw-r--r-- | retired/CVE-2011-1576 | 10 | ||||
| -rw-r--r-- | retired/CVE-2011-2203 | 12 | ||||
| -rw-r--r-- | retired/CVE-2011-3638 | 10 | ||||
| -rw-r--r-- | retired/CVE-2011-4097 | 10 | ||||
| -rw-r--r-- | retired/CVE-2011-4127 | 11 | ||||
| -rw-r--r-- | retired/CVE-2011-4132 | 10 | ||||
| -rw-r--r-- | retired/CVE-2011-4330 | 9 | ||||
| -rw-r--r-- | retired/CVE-2011-4611 | 12 | ||||
| -rw-r--r-- | retired/CVE-2012-0028 | 10 |
9 files changed, 94 insertions, 0 deletions
diff --git a/retired/CVE-2011-1576 b/retired/CVE-2011-1576 new file mode 100644 index 00000000..d933aea3 --- /dev/null +++ b/retired/CVE-2011-1576 @@ -0,0 +1,10 @@ +References: +Notes: + jmm> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1576 + jmm> Coulnd't find the patch, pinged Red Hat +Bugs: +upstream: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem." +2.6.32-upstream-stable: released (2.6.32.50) [5aff28abc7e0ec1ddd562372ae4fa01e8e4d4073] +sid: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem." +2.6.26-lenny-security: N/A "code not present" +2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch] diff --git a/retired/CVE-2011-2203 b/retired/CVE-2011-2203 new file mode 100644 index 00000000..d458c8d8 --- /dev/null +++ b/retired/CVE-2011-2203 @@ -0,0 +1,12 @@ +Description: HFS NULL deref +References: + https://bugzilla.redhat.com/show_bug.cgi?id=712774 + https://lkml.org/lkml/2011/6/8/154 + http://thread.gmane.org/gmane.linux.kernel/1191663 +Notes: +Bugs: +upstream: released (3.2-rc1) [434a964daa14b9db083ce20404a4a2add54d037a] +2.6.32-upstream-stable: released (2.6.32.51) +sid: released (3.1.1-1) +2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/hfs-fix-hfs_find_init-ext_tree-NULL-ptr-oops.patch] +2.6.32-squeeze-security: released (2.6.32-40) diff --git a/retired/CVE-2011-3638 b/retired/CVE-2011-3638 new file mode 100644 index 00000000..2b01a642 --- /dev/null +++ b/retired/CVE-2011-3638 @@ -0,0 +1,10 @@ +Description: ext4: ext4_ext_insert_extent() DoS +References: +Notes: + jmm> Introduced in 2.6.23 +Bugs: +upstream: released (3.0) [667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3] +2.6.32-upstream-stable: released (2.6.32.47) [177353670085c14e1d358db8bf812bd72a9268c7] +sid: released (3.0-1) +2.6.26-lenny-security: ignored "end of life" +2.6.32-squeeze-security: released (2.6.32-40) [bugfix/all/stable/2.6.32.47.patch] diff --git a/retired/CVE-2011-4097 b/retired/CVE-2011-4097 new file mode 100644 index 00000000..2867b70c --- /dev/null +++ b/retired/CVE-2011-4097 @@ -0,0 +1,10 @@ +Description: oom: fix integer overflow of points in oom_badness +References: + https://lkml.org/lkml/2011/10/31/138 +Notes: +Bugs: +upstream: released (3.2-rc7) [ff05b6f7ae762b6eb464183eec994b28ea09f6dd] +2.6.32-upstream-stable: N/A "Introduced in 2.6.39" +sid: released (3.0.0-6) [bugfix/all/oom-fix-integer-overflow-of-points-in-oom_badness.patch] +2.6.26-lenny-security: N/A "Introduced in 2.6.39" +2.6.32-squeeze-security: N/A "Introduced in 2.6.39" diff --git a/retired/CVE-2011-4127 b/retired/CVE-2011-4127 new file mode 100644 index 00000000..b582c933 --- /dev/null +++ b/retired/CVE-2011-4127 @@ -0,0 +1,11 @@ +Description: possible privilege escalation via SG_IO ioctl +References: + https://lkml.org/lkml/2011/12/22/270 + https://bugzilla.redhat.com/show_bug.cgi?id=752375 +Notes: +Bugs: +upstream: released (3.3-rc1) [577ebb374c78314ac4617242f509e2f5e7156649, 0bfc96cb77224736dfa35c3c555d37b3646ef35e, ec8013beddd717d1740cfefb1a9b900deef85462] +2.6.32-upstream-stable: released (2.6.32.56) +sid: released (3.1.8-1) +2.6.32-squeeze-security: released (2.6.32-39squeeze1) [bugfix/all/add-scsi_cmd_blk_ioctl-wrapper.patch, bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices.patch, bugfix/all/treat-lvs-on-one-pv-like-a-partition.patch] +2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/block-add-and-use-scsi_blk_cmd_ioctl.patch, bugfix/all/block-fail-SCSI-passthrough-ioctls-on-partition-devices.patch, bugfix/all/dm-do-not-forward-ioctls-from-logical-volumes-to-the-underlying-device.patch] diff --git a/retired/CVE-2011-4132 b/retired/CVE-2011-4132 new file mode 100644 index 00000000..eea051fa --- /dev/null +++ b/retired/CVE-2011-4132 @@ -0,0 +1,10 @@ +Description: jbd/jbd2: invalid value of first log block leads to oops +References: +Notes: + jmm> Submitted for 2.6.32.x +Bugs: +upstream: released (3.2-rc2) [8762202dd0d6e46854f786bdb6fb3780a1625efe] +2.6.32-upstream-stable: released (2.6.32.51) +sid: released (3.1.6-1) +2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch] +2.6.32-squeeze-security: released (2.6.32-40) diff --git a/retired/CVE-2011-4330 b/retired/CVE-2011-4330 new file mode 100644 index 00000000..3f1794ea --- /dev/null +++ b/retired/CVE-2011-4330 @@ -0,0 +1,9 @@ +Description: hfs: add sanity check for file name length +References: +Notes: +Bugs: +upstream: released (3.2-rc3) [bc5b8a9003132ae44559edd63a1623] +2.6.32-upstream-stable: released (2.6.32.49) +sid: released (3.1.4-1) +2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/hfs-add-sanity-check-for-file-name-length.patch] +2.6.32-squeeze-security: released (2.6.32-40) [bugfix/all/stable/2.6.32.49.patch] diff --git a/retired/CVE-2011-4611 b/retired/CVE-2011-4611 new file mode 100644 index 00000000..0ec19d1f --- /dev/null +++ b/retired/CVE-2011-4611 @@ -0,0 +1,12 @@ +Description: perf, powerpc: Handle events that raise an exception without overflowing +References: + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4611 +Notes: + jmm> Additional to what's in RH this also seems to need ad5d5292f16c6c1d7d3e257c4c7407594286b97e + jmm> and d819437156fd99da61d4e1402b2dbfc5cc472265 from 3.0 +Bugs: +upstream: released (3.0) [0837e3242c73566fc1c0196b4ec61779c25ffc93, ad5d5292f16c6c1d7d3e257c4c7407594286b97e, d819437156fd99da61d4e1402b2dbfc5cc472265] +2.6.32-upstream-stable: released (2.6.32.42) [3a579b0ce569d5738120d74bdcc8f76b740c97c4,24fb3f4cf3de9955eae325d421047c0f2dd6b48f] +sid: released (3.0.0-1) +2.6.26-lenny-security: ignored "end of life" +2.6.32-squeeze-security: released (2.6.32-36) [bugfix/all/stable/2.6.32.34.patch, bugfix/all/stable/2.6.32.34.patch] diff --git a/retired/CVE-2012-0028 b/retired/CVE-2012-0028 new file mode 100644 index 00000000..f406a3f6 --- /dev/null +++ b/retired/CVE-2012-0028 @@ -0,0 +1,10 @@ +Description: futex: clear robust_list on execve +References: + https://bugzilla.redhat.com/show_bug.cgi?id=771764 +Notes: +Bugs: +upstream: released (2.6.32) [8141c7f3e7aee618312fa1c15109e1219de784a7, fc6b177dee33365ccb29fe6d2092223cf8d679f9] +2.6.32-upstream-stable: N/A "Fixed before initial release" +sid: released (2.6.32-1) +2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/move-exit_robust_list-into-mm_release.patch, bugfix/all/futex-nullify-robust-lists-after-cleanup.patch] +2.6.32-squeeze-security: N/A "Fixed before initial release" |