Author: carnil Date: 2014-12-08 17:40:39 +0000 (Mon, 08 Dec 2014) New Revision: 30593
Modified: data/CVE/list Log: Record fixed version for linux upload to unstable Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-12-08 16:21:52 UTC (rev 30592) +++ data/CVE/list 2014-12-08 17:40:39 UTC (rev 30593) @@ -819,7 +819,7 @@ RESERVED - libjpeg-turbo 1:1.3.1-11 (bug #768369) CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6) CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...) @@ -2041,7 +2041,7 @@ - sosreport 3.2-2 (bug #769521) NOTE: https://github.com/sosreport/sos/issues/425 CVE-2014-8884 (Stack-based buffer overflow in the ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1) CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain ...) @@ -3069,7 +3069,7 @@ CVE-2014-8370 RESERVED CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 - linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not applied) NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 NOTE: Fixed by: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f @@ -3783,7 +3783,7 @@ - tigervnc <itp> (bug #650394) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307 CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html CVE-2014-8089 @@ -4307,7 +4307,7 @@ CVE-2014-7844 RESERVED CVE-2014-7843 (The __clear_user function in arch/arm64/lib/clear_user.S in the Linux ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 [wheezy] - linux <not-affected> (arm64 support introduced in 3.7) - linux-2.6 <not-affected> (arm64 support introduced in 3.7) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1163744 @@ -4318,7 +4318,7 @@ [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1) CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 - linux-2.6 <removed> NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5) CVE-2014-7840 [insufficient parameter validation during ram load] @@ -4383,13 +4383,13 @@ CVE-2014-7827 RESERVED CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) - linux-2.6 <not-affected> (Vulnerable code introduced later) NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3) NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1) CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...) - - linux <unfixed> + - linux 3.16.7-ckt2-1 - linux-2.6 <removed> (unimportant) NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits