From 6764f2f792102212f9e0810bdb2982d27837b88f Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 8 Mar 2016 10:16:46 +0000 Subject: retire git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4229 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2013-4312 | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 retired/CVE-2013-4312 (limited to 'retired/CVE-2013-4312') diff --git a/retired/CVE-2013-4312 b/retired/CVE-2013-4312 new file mode 100644 index 00000000..24a18df9 --- /dev/null +++ b/retired/CVE-2013-4312 @@ -0,0 +1,21 @@ +Description: unix: properly account for FDs passed over unix sockets +References: + https://lkml.org/lkml/2015/12/31/15 +Notes: + carnil> 712f4aad406bb1ed67f3f98d04c044191f0ff593 according to the commit + carnil> message mitigated the issue. + bwh> This was applied in 3.16.7-ckt20-1+deb8u3, 4.3.3-6, and 4.3.5. + carnil> There is a second commit [759c01142a5d0f364a462346168a56de28a80f52] to + carnil> mitigate CVE-2013-4312, but this is slightly more involving. Ben + carnil> suggested to wait before starting to backport this as well and look + carnil> for possible regressions/problems. +Bugs: + https://bugzilla.kernel.org/show_bug.cgi?id=20402 +upstream: released (4.5-rc1) [712f4aad406bb1ed67f3f98d04c044191f0ff593] +3.16-upstream-stable: released (3.16.7-ckt24) +3.2-upstream-stable: released (v3.2.78) [a5a6cf8c405e826ff7ed1308dde72560c0ed4854] +2.6.32-upstream-stable: ignored +sid: released (4.3.3-6) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch] +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch] +3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch] +2.6.32-squeeze-security: ignored "Too risky to backport at EOL" -- cgit v1.2.3
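Review bot: In the Notes block, carnil's entry names a second mitigating commit [759c01142a5d0f364a462346168a56de28a80f52] whose backport was deferred pending regressions, but every status line below tracks only 712f4aad406bb1ed67f3f98d04c044191f0ff593, so the retired file never says whether that second commit was applied or deliberately left out for any branch. Add a closing note recording that outcome before the issue is retired. Smaller points: "3.16-upstream-stable: released (3.16.7-ckt24)" has no commit id in brackets where the 3.2-upstream-stable line does, "2.6.32-upstream-stable: ignored" gives no reason while the squeeze line does, and the subject "retire" does not name the issue being retired.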