retire issue

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2280 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2011-04-27 06:22:46 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2011-04-27 06:22:46 +0000
commit: 29a5262a9d2190bc17d647995fbb4f15caf2b1f9 (patch)
tree: 15c2b8d95fa0a9ae2ecf3831c92d3cbc779d741b /retired/CVE-2010-3865
parent: 7b9fc8dedc0a33fa61cac8eef3c9ca517f0d6135 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2010-3865 b/retired/CVE-2010-3865
new file mode 100644
index 00000000..3b13c1bc
--- /dev/null
+++ b/retired/CVE-2010-3865
@@ -0,0 +1,17 @@
+Candidate: CVE-2010-3865
+Description: iovec overflow in rds_rdma_pages()
+References:
+ http://www.spinics.net/lists/netdev/msg145359.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=647461
+Notes:
+ jmm> Introduced in 2.6.30
+ jmm> Given Linus's comment we should disable CONFIG_RDS for
+ jmm> Squeeze
+ bwh> This is probably fixed by the general fixes for CVE-2010-3859.
+ bwh> Auto-loading will be disabled in 2.6.32-28.
+Bugs:
+upstream: released (2.6.37-rc1) [1b1f693d7ad6d193862dcb1118540a030c5e761f]
+2.6.32-upstream-stable: released (2.6.32.39) [dcef84f1]
+linux-2.6: released (2.6.37-1)
+2.6.26-lenny-security: N/A (Vulnerable code not present)
+2.6.32-squeeze-security: released (2.6.32-31)
author	Moritz Muehlenhoff <jmm@debian.org>	2011-04-27 06:22:46 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2011-04-27 06:22:46 +0000
commit	29a5262a9d2190bc17d647995fbb4f15caf2b1f9 (patch)
tree	15c2b8d95fa0a9ae2ecf3831c92d3cbc779d741b /retired/CVE-2010-3865
parent	7b9fc8dedc0a33fa61cac8eef3c9ca517f0d6135 (diff)