Author: jmm
Date: 2014-09-24 15:36:50 +0000 (Wed, 24 Sep 2014)
New Revision: 29005

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
linux fixes for 7.7 point update


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-09-24 14:48:22 UTC (rev 29004)
+++ data/CVE/list       2014-09-24 15:36:50 UTC (rev 29005)
@@ -1572,12 +1572,14 @@
 CVE-2014-6418 [libceph: missing validation of the auth reply]
        RESERVED
        - linux 3.16.3-1
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8
 (v3.17-rc5)
        NOTE: http://tracker.ceph.com/issues/8979
 CVE-2014-6417 [libceph: issue of incorrect handling of kmalloc failures]
        RESERVED
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux 3.16.3-1
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
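
Review bot: In the CVE-2014-6417 entry the new "[wheezy] - linux <no-dsa>" line is placed above "- linux 3.16.3-1", whereas in CVE-2014-6418 directly above it, and in every other entry touched by this revision, it follows the "- linux" line. Move it below "- linux 3.16.3-1" so the entry keeps the same ordering as its neighbours.
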
@@ -1586,6 +1588,7 @@
 CVE-2014-6416 [libceph: buffer overflow]
        RESERVED
        - linux 3.16.3-1
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8
 (v3.17-rc5)
@@ -1596,6 +1599,7 @@
 CVE-2014-6410 [udf: Avoid infinite loop when processing indirect ICBs]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65
 (v3.17-rc5)
 CVE-2012-6657 [net: guard tcp_set_keepalive against crash]
@@ -3729,12 +3733,14 @@
        NOT-FOR-US: TimThumb
 CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c 
in the ...)
        - linux 3.16.2-1
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=88
        NOTE: 
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
        NOTE: commit contained first in v3.17-rc2
 CVE-2014-5471 (Stack consumption vulnerability in the 
parse_rock_ridge_inode_internal ...)
        - linux 3.16.2-1
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=88
        NOTE: 
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
@@ -4656,6 +4662,7 @@
        [squeeze] - cairo <no-dsa> (Minor issue)
 CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the 
Linux ...)
        - linux 3.14.15-1
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
 CVE-2014-5043
@@ -6782,6 +6789,7 @@
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
 CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly 
...)
        - linux 3.14.15-1
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <not-affected> (Vulnerable code introduced later)
        NOTE: https://lkml.org/lkml/2014/7/2/518
 CVE-2014-4170
@@ -9328,36 +9336,42 @@
 CVE-2014-3186 [PicoLCD HID device driver pool overflow]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=101
        NOTE: Upstream fix: 
https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 
(v3.17-rc3)
 CVE-2014-3185 [Linux Kernel Buffer Overflow in Whiteheat USB Serial Driver]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=98
        NOTE: Upstream fix: 
https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 
(v3.17-rc3)
 CVE-2014-3184 [Linux kernel HID report fixup multiple off-by-one issues]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=91
        NOTE: Upstream fix: 
https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 
(v3.17-rc2)
 CVE-2014-3183 [Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap 
overflow]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=90
        NOTE: Upstream fix: 
https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 
(v3.17-rc2)
 CVE-2014-3182 [Linux kernel hid-logitech-dj.c device_index arbitrary kfree]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=89
        NOTE: Upstream fix: 
https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 
(v3.17-rc2)
 CVE-2014-3181 [Magic Mouse HID device driver overflow]
        RESERVED
        - linux <unfixed>
+       [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=100
        NOTE: Upstream fix: 
https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 
(v3.17-rc3)
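
Review bot: CVE-2014-3186 is annotated here with "Will be fixed in next point release", but the data/next-point-update.txt change in this same revision adds entries only for CVE-2014-3181 through CVE-2014-3185 and has no CVE-2014-3186 line. Either add CVE-2014-3186 to next-point-update.txt or, if the fix is not expected in that upload, use a different note for this entry so the two files agree.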

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt  2014-09-24 14:48:22 UTC (rev 29004)
+++ data/next-point-update.txt  2014-09-24 15:36:50 UTC (rev 29005)
@@ -12,4 +12,33 @@
        [wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
 CVE-2012-6151
        [wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
-
+CVE-2014-3181
+       [wheezy] - linux 3.2.63-1
+CVE-2014-3182
+       [wheezy] - linux 3.2.63-1
+CVE-2014-3183
+       [wheezy] - linux 3.2.63-1
+CVE-2014-3184
+       [wheezy] - linux 3.2.63-1
+CVE-2014-3185
+       [wheezy] - linux 3.2.63-1
+CVE-2014-3601
+       [wheezy] - linux 3.2.63-1
+CVE-2014-4171
+       [wheezy] - linux 3.2.63-1
+CVE-2014-4608
+       [wheezy] - linux 3.2.63-1
+CVE-2014-5077
+       [wheezy] - linux 3.2.63-1
+CVE-2014-5471
+       [wheezy] - linux 3.2.63-1
+CVE-2014-5472
+       [wheezy] - linux 3.2.63-1
+CVE-2014-6410
+       [wheezy] - linux 3.2.63-1
+CVE-2014-6416
+       [wheezy] - linux 3.2.63-1
+CVE-2014-6417
+       [wheezy] - linux 3.2.63-1
+CVE-2014-6418
+       [wheezy] - linux 3.2.63-1
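
Review bot: CVE-2014-3601 and CVE-2014-4608 are added here with "[wheezy] - linux 3.2.63-1", but none of the data/CVE/list hunks in this revision touch those two entries. Please confirm they already carry the matching "[wheezy] - linux <no-dsa> (Will be fixed in next point release)" annotation in data/CVE/list, and add it if they do not, so the point-update list and the tracker data stay in step.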


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
