From 6d52a0c7e9d7fc4dd291d107700d13b95d5ed26e Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Tue, 2 Apr 2013 03:39:39 +0000
Subject: Mark CVE-2013-254{7,8} as not affecting 2.6.32/squeeze, and retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2897 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2013-2548 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 retired/CVE-2013-2548

(limited to 'retired/CVE-2013-2548')

diff --git a/retired/CVE-2013-2548 b/retired/CVE-2013-2548
new file mode 100644
index 00000000..a1b15a2d
--- /dev/null
+++ b/retired/CVE-2013-2548
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926"
+sid: released (3.2.41-1)
+2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926"
+3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
\ No newline at end of file
-- 
cgit v1.2.3