Author: jmm
Date: 2014-09-24 15:36:50 +0000 (Wed, 24 Sep 2014)
New Revision: 29005
Modified: data/CVE/list data/next-point-update.txt Log: linux fixes for 7.7 point update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-09-24 14:48:22 UTC (rev 29004) +++ data/CVE/list 2014-09-24 15:36:50 UTC (rev 29005) @@ -1572,12 +1572,14 @@ CVE-2014-6418 [libceph: missing validation of the auth reply] RESERVED - linux 3.16.3-1 + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5) NOTE: http://tracker.ceph.com/issues/8979 CVE-2014-6417 [libceph: issue of incorrect handling of kmalloc failures] RESERVED + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux 3.16.3-1 - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34) @@ -1586,6 +1588,7 @@ CVE-2014-6416 [libceph: buffer overflow] RESERVED - linux 3.16.3-1 + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5) @@ -1596,6 +1599,7 @@ CVE-2014-6410 [udf: Avoid infinite loop when processing indirect ICBs] RESERVED - linux <unfixed> + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65 (v3.17-rc5) CVE-2012-6657 [net: guard tcp_set_keepalive against crash] 
@@ -3729,12 +3733,14 @@ NOT-FOR-US: TimThumb CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...) - linux 3.16.2-1 + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88 NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 NOTE: commit contained first in v3.17-rc2 CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal ...) - linux 3.16.2-1 + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88 NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 @@ -4656,6 +4662,7 @@ [squeeze] - cairo <no-dsa> (Minor issue) CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ...) - linux 3.14.15-1 + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/ CVE-2014-5043 @@ -6782,6 +6789,7 @@ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766 CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly ...) - linux 3.14.15-1 + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <not-affected> (Vulnerable code introduced later) NOTE: https://lkml.org/lkml/2014/7/2/518 CVE-2014-4170 
@@ -9328,36 +9336,42 @@ CVE-2014-3186 [PicoLCD HID device driver pool overflow] RESERVED - linux <unfixed> + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101 NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3) CVE-2014-3185 [Linux Kernel Buffer Overflow in Whiteheat USB Serial Driver] RESERVED - linux <unfixed> + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98 NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3) CVE-2014-3184 [Linux kernel HID report fixup multiple off-by-one issues] RESERVED - linux <unfixed> + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91 NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2) CVE-2014-3183 [Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap overflow] RESERVED - linux <unfixed> + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90 NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2) CVE-2014-3182 [Linux kernel hid-logitech-dj.c device_index arbitrary kfree] RESERVED - linux <unfixed> + [wheezy] - linux <no-dsa> (Will be fixed in next point release) - linux-2.6 <removed> NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89 NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2) CVE-2014-3181 [Magic Mouse HID device driver overflow] RESERVED - linux <unfixed> + [wheezy] - linux 
<no-dsa> (Will be fixed in next point release) - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100 NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3) Modified: data/next-point-update.txt =================================================================== --- data/next-point-update.txt 2014-09-24 14:48:22 UTC (rev 29004) +++ data/next-point-update.txt 2014-09-24 15:36:50 UTC (rev 29005) @@ -12,4 +12,33 @@ [wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1 CVE-2012-6151 [wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1 - +CVE-2014-3181 + [wheezy] - linux 3.2.63-1 +CVE-2014-3182 + [wheezy] - linux 3.2.63-1 +CVE-2014-3183 + [wheezy] - linux 3.2.63-1 +CVE-2014-3184 + [wheezy] - linux 3.2.63-1 +CVE-2014-3185 + [wheezy] - linux 3.2.63-1 +CVE-2014-3601 + [wheezy] - linux 3.2.63-1 +CVE-2014-4171 + [wheezy] - linux 3.2.63-1 +CVE-2014-4608 + [wheezy] - linux 3.2.63-1 +CVE-2014-5077 + [wheezy] - linux 3.2.63-1 +CVE-2014-5471 + [wheezy] - linux 3.2.63-1 +CVE-2014-5472 + [wheezy] - linux 3.2.63-1 +CVE-2014-6410 + [wheezy] - linux 3.2.63-1 +CVE-2014-6416 + [wheezy] - linux 3.2.63-1 +CVE-2014-6417 + [wheezy] - linux 3.2.63-1 +CVE-2014-6418 + [wheezy] - linux 3.2.63-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
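Review bot: In the CVE-2014-6417 entry of data/CVE/list, the added `[wheezy] - linux <no-dsa> (Will be fixed in next point release)` line sits above `- linux 3.16.3-1`, whereas every other entry touched in this commit (CVE-2014-6418 and CVE-2014-6416 in the same region, for example) places it below the unstable `- linux` line. Move it after `- linux 3.16.3-1` so the release-specific annotation follows the package line it qualifies and the entry matches its neighbours.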
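Review bot: The two files disagree on which CVEs are queued for the point update. data/CVE/list marks CVE-2014-3186 as `[wheezy] - linux <no-dsa> (Will be fixed in next point release)`, but the block added to data/next-point-update.txt covers CVE-2014-3181 through CVE-2014-3185 and has no CVE-2014-3186 entry; either add it there with the `3.2.63-1` version or drop the point-release remark. In the other direction, CVE-2014-3601 and CVE-2014-4608 are added to data/next-point-update.txt with no matching hunk in data/CVE/list in this revision, so it is worth confirming those two entries already carry the wheezy annotation.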