Author: holger
Date: 2014-07-12 19:39:54 +0000 (Sat, 12 Jul 2014)
New Revision: 27698
Modified:
data/CVE/list
Log:
mark CVEs as fixed in linux-2.6 2.6.32-48squeeze8
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-12 13:25:25 UTC (rev 27697)
+++ data/CVE/list 2014-07-12 19:39:54 UTC (rev 27698)
@@ -86,7 +86,7 @@
RESERVED
{DSA-2972-1}
- linux 3.14.10-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
CVE-2014-4698
RESERVED
@@ -185,12 +185,12 @@
[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in
the ...)
- linux 3.14.9-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE: Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee
(v3.16-rc1)
CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA
control ...)
- linux 3.14.9-1
[wheezy] - linux 3.2.60-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the
ALSA ...)
- linux 3.14.9-1
[wheezy] - linux 3.2.60-1
@@ -207,7 +207,7 @@
- linux 3.14.9-1 (low)
[wheezy] - linux 3.2.60-1
- linux-2.6 <removed> (low)
- [squeeze] - linux-2.6 <no-dsa> (Minor issue)
+ [squeeze] - linux-2.6 2.6.32-48squeeze8
CVE-2014-4678 [incomplete fix for CVE-2014-4657]
RESERVED
- ansible 1.6.6+dfsg-1
@@ -2026,7 +2026,7 @@
CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when ...)
- linux 3.14.7-1
[wheezy] - linux 3.2.60-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE: http://article.gmane.org/gmane.linux.kernel/1713179
CVE-2014-3865 (Multiple directory traversal vulnerabilities in dpkg-source in
...)
{DSA-2953-1}
@@ -3481,14 +3481,14 @@
CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
{DSA-2949-1}
- linux 3.14.4-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE: Upstream fix
https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
NOTE: Introduced by
https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
NOTE:
https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
extension ...)
{DSA-2949-1}
- linux 3.14.4-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE: Upstream fix
https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
NOTE: Introduced by
https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
NOTE:
https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
@@ -4073,7 +4073,7 @@
CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux
kernel ...)
{DSA-2926-1}
- linux 3.14.4-1 (bug #747326)
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE: Introduced by
https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233
NOTE: Fixed by
https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c
(v3.15-rc1)
CVE-2014-3985 [buffer overflow in miniupnpc]
@@ -4965,7 +4965,7 @@
CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux
kernel ...)
- linux 3.13.10-1
[wheezy] - linux 3.2.57-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
NOTE: https://lkml.org/lkml/2014/3/29/188
CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory
(TM) ...)
- linux 3.13.7-1
@@ -11950,6 +11950,7 @@
CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel
before ...)
- linux 2.6.33-1
- linux-2.6 2.6.37-1
+ [squeeze] - linux-2.6 2.6.32-48squeeze8
NOTE: upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=86acdca1b63e6890540fa19495cfc708beff3d8b
(v2.6.33)
CVE-2014-0202 (The setup script in ovirt-engine-dwh, as used in the Red Hat
...)
NOT-FOR-US: ovirt / RHEV
@@ -18955,7 +18956,7 @@
NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload
(UFO) is ...)
- linux 3.11.7-1
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
[wheezy] - linux 3.2.53-1
CVE-2013-4469 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when ...)
- nova 2013.2-3 (low; bug #728605)
@@ -19225,7 +19226,7 @@
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does
not ...)
- - linux-2.6 <removed>
+ - linux-2.6 2.6.32-48squeeze8
- linux 3.11.5-1
[wheezy] - linux 3.2.53-1
CVE-2013-4386 (Multiple SQL injection vulnerabilities in ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
