Author: benh
Date: 2015-04-12 21:25:13 +0000 (Sun, 12 Apr 2015)
New Revision: 33544
Modified:
data/CVE/list
Log:
Mark various kernel issues as unfixed or no-dsa in squeeze and wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-12 20:24:14 UTC (rev 33543)
+++ data/CVE/list 2015-04-12 21:25:13 UTC (rev 33544)
@@ -456,7 +456,9 @@
CVE-2015-2922 [IPv6 Hop limit lowering via RA messages]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
CVE-2015-2829
RESERVED
@@ -501,7 +503,9 @@
CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b
(v4.0-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
@@ -1949,6 +1953,7 @@
RESERVED
- linux 3.2.20-1
- linux-2.6 3.2.1-1
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376
(v3.2-rc1)
NOTE: Introduced by:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a
(v2.6.28-rc1)
NOTE: 3.2.20-1 is the first version after the src:linux-2.6 ->
src:linux rename.
@@ -2977,6 +2982,7 @@
CVE-2015-2042 [incorrect data type in rds_sysctl_rds_table]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Minor issue)
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896
(v3.19)
@@ -2984,6 +2990,7 @@
CVE-2015-2041 [incorrect data type in llc2_timeout_table]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Minor issue)
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
(v3.19-rc7)
@@ -3697,6 +3704,7 @@
{DSA-3170-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc
(v3.19-rc1)
CVE-2013-7436 [session hijack through insecurely set session token cookies]
RESERVED
@@ -12589,7 +12597,9 @@
NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html
CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package
before ...)
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer
1.900.1 ...)
{DSA-3138-1 DLA-138-1}
- jasper 1.900.1-debian1-2.4 (bug #775970)
@@ -25110,6 +25120,7 @@
- linux 3.16.2-2
[wheezy] - linux 3.2.63-1
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE:
https://code.google.com/p/google-security-research/issues/detail?id=91
NOTE: Upstream fix:
https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214
(v3.17-rc2)
CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request
function in ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
