diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2015-05-11 07:06:16 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2015-05-11 07:06:16 +0000 |
commit | bedf1a9077c7bfcb19e94f8f3f4a4b27d8c14e54 (patch) | |
tree | 004fe98a0c53fe8655c177f481a9705e8c2d5dcf /retired | |
parent | f0f891412a3d90f361a00211f68f3bd5a32c3041 (diff) |
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3779 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2014-9715 | 15 | ||||
-rw-r--r-- | retired/CVE-2015-1593 | 15 | ||||
-rw-r--r-- | retired/CVE-2015-2150 | 13 | ||||
-rw-r--r-- | retired/CVE-2015-3331 | 13 |
4 files changed, 56 insertions, 0 deletions
diff --git a/retired/CVE-2014-9715 b/retired/CVE-2014-9715 new file mode 100644 index 00000000..d8e8af2f --- /dev/null +++ b/retired/CVE-2014-9715 @@ -0,0 +1,15 @@ +Description: nf_conntrack: reserve two bytes for nf_ct_ext->len +References: +Notes: + The issue was introduced in 3.6 but as well backported to 3.2 + Introduced by (v3.6-rc5) [5b423f6a40a0327f9d40bc8b97ce9b] + In 3.2. introduced by (v3.2.33) [cc1b75d796ad050c83c95733c4220aaa04fa1304] +Bugs: https://bugs.debian.org/741667 +upstream: released (v3.15-rc1) [223b02d923ecd7c84cf9780bb3686f455d279279] +2.6.32-upstream-stable: N/A "Introduced in 3.6" +sid: released (3.14.5-1) +3.16-jessie-security: N/A "Fixed before initial release" +3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_e.patch] +2.6.32-squeeze-security: N/A "Introduced in 3.6" +3.16-upstream-stable: N/A "Fixed already in v3.15-rc1" +3.2-upstream-stable: released (3.2.69) [netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_ext-len.patch] diff --git a/retired/CVE-2015-1593 b/retired/CVE-2015-1593 new file mode 100644 index 00000000..0b16fc32 --- /dev/null +++ b/retired/CVE-2015-1593 @@ -0,0 +1,15 @@ +Description: Linux stack ASLR implementation integer overflow +References: + http://hmarco.org/bugs/linux-ASLR-integer-overflow.html + https://lkml.org/lkml/2015/1/7/811 + http://article.gmane.org/gmane.linux.kernel/1888210 +Notes: +Bugs: +upstream: released (4.0-rc1) [4e7c22d447bb6d7e37bfe39ff658486ae78e8d77] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt7-1) [bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch] +3.16-jessie-security: N/A "Fixed before initial release" +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch] +3.16-upstream-stable: released (3.16.7-ckt8) +3.2-upstream-stable: released (3.2.69) [x86-mm-aslr-fix-stack-randomization-on-64-bit-systems.patch] diff --git a/retired/CVE-2015-2150 b/retired/CVE-2015-2150 new file mode 100644 index 00000000..3fd0c9ba --- /dev/null +++ b/retired/CVE-2015-2150 @@ -0,0 +1,13 @@ +Description: Xen: Non-maskable interrupts triggerable by guests +References: + http://xenbits.xen.org/xsa/advisory-120.html +Notes: +Bugs: +upstream: released (4.0-rc4) [af6fc858a35b90e89ea7a7ee58e66628c55c776b] +2.6.32-upstream-stable: N/A "xen-pciback introduced in 3.1" +sid: released (3.16.7-ckt9-1) +3.16-jessie-security: N/A "Fixed before initial release" +3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/xen-pciback-limit-guest-control-of-command-register.patch] +2.6.32-squeeze-security: N/A "xen-pciback introduced in 3.1" +3.16-upstream-stable: released (3.16.7-ckt9) +3.2-upstream-stable: released (3.2.69) [xen-pciback-limit-guest-control-of-command-register.patch] diff --git a/retired/CVE-2015-3331 b/retired/CVE-2015-3331 new file mode 100644 index 00000000..87333610 --- /dev/null +++ b/retired/CVE-2015-3331 @@ -0,0 +1,13 @@ +Description: Buffer overruns in Linux kernel RFC4106 implementation using AESNI +References: +Notes: +Bugs: + - https://bugs.debian.org/782561 +upstream: released (v4.0-rc5) [ccfe8c3f7e52ae83155cb038753f4c75b774ca8a] +2.6.32-upstream-stable: N/A "Introduced in v2.6.38-rc1 with 0bd82f5f6355775fbaf7d3c664432ce1b862be1e" +sid: released (3.16.7-ckt9-3) [bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch] +3.16-jessie-security: released (3.16.7-ckt9-3~deb8u1) [bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch] +3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch] +2.6.32-squeeze-security: N/A "Introduced in v2.6.38-rc1 with 0bd82f5f6355775fbaf7d3c664432ce1b862be1e" +3.16-upstream-stable: released (3.16.7-ckt10) +3.2-upstream-stable: released (3.2.69) [crypto-aesni-fix-memory-usage-in-gcm-decryption.patch] |