Candidate: CVE-2006-0095
References: 
 http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt
Description: 
 dm-crypt does not clear struct crypt_config before freeing it. Thus,
 information on the key could leak f.e. to a swsusp image even after the
 encrypted device has been removed. The attached patch against 2.6.14 /
 2.6.15 fixes it.
Notes: 
 jhorms> 2.4 not affected as dm-crypt doesn't seem to exist
 jmm> Discovered by Stefan Rompf
Bugs: 
upstream: released (2.6.16-rc1)
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch]
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A