Author: carnil
Date: 2014-12-08 17:40:39 +0000 (Mon, 08 Dec 2014)
New Revision: 30593
Modified:
data/CVE/list
Log:
Record fixed version for linux upload to unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-08 16:21:52 UTC (rev 30592)
+++ data/CVE/list 2014-12-08 17:40:39 UTC (rev 30593)
@@ -819,7 +819,7 @@
RESERVED
- libjpeg-turbo 1:1.3.1-11 (bug #768369)
CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the
Linux ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441
(v3.18-rc6)
CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9,
2.6.x ...)
@@ -2041,7 +2041,7 @@
- sosreport 3.2-2 (bug #769521)
NOTE: https://github.com/sosreport/sos/issues/425
CVE-2014-8884 (Stack-based buffer overflow in the ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16
(v3.18-rc1)
CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to
obtain ...)
@@ -3069,7 +3069,7 @@
CVE-2014-8370
RESERVED
CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the
Linux ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
- linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not
applied)
NOTE: Introduced by
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
NOTE: Fixed by:
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
@@ -3783,7 +3783,7 @@
- tigervnc <itp> (bug #650394)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
CVE-2014-8086 (Race condition in the ext4_file_write_iter function in
fs/ext4/file.c ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089
@@ -4307,7 +4307,7 @@
CVE-2014-7844
RESERVED
CVE-2014-7843 (The __clear_user function in arch/arm64/lib/clear_user.S in the
Linux ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
[wheezy] - linux <not-affected> (arm64 support introduced in 3.7)
- linux-2.6 <not-affected> (arm64 support introduced in 3.7)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1163744
@@ -4318,7 +4318,7 @@
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a
(v3.18-rc1)
CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in
the ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE: Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
(v3.18-rc5)
CVE-2014-7840 [insufficient parameter validation during ram load]
@@ -4383,13 +4383,13 @@
CVE-2014-7827
RESERVED
CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
- linux-2.6 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9
(v3.18-rc3)
NOTE: Support for SOFT_DISABLE to syscall events was added in
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d
(v3.13-rc1)
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does ...)
- - linux <unfixed>
+ - linux 3.16.7-ckt2-1
- linux-2.6 <removed> (unimportant)
NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
NOTE: Fixed by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9
(v3.18-rc3)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
