[Secure-testing-commits] r24320 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Nov 7 11:02:39 UTC 2013
Author: jmm
Date: 2013-11-07 11:02:39 +0000 (Thu, 07 Nov 2013)
New Revision: 24320
Modified:
data/CVE/list
Log:
several kernel updates
krb5 no-dsa
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-07 10:31:20 UTC (rev 24319)
+++ data/CVE/list 2013-11-07 11:02:39 UTC (rev 24320)
@@ -4701,42 +4701,40 @@
RESERVED
CVE-2013-4516 [kernel memory disclosure via uninitialized structure members]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux 3.12-1 (unimportant)
+ [wheezy] - linux <not-affected> (Affected code not present yet)
+ - linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
- TODO: check
-CVE-2013-4515 [kernel memory disclosure via uninitialized structure members]
+ NOTE: Not enabled in Debian kernels; staging drivers are not supported
+CVE-2013-4515 [bcm: kernel memory disclosure via uninitialized structure members]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux 3.12-1 (unimportant)
+ - linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
- TODO: check
+ NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4514 [buffer overflow when setting station name]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux 3.12-1 (unimportant)
+ - linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
- TODO: check
-CVE-2013-4513 [buffer overflow in write syscall]
+ NOTE: Not enabled in Debian kernels; staging drivers are not supported
+CVE-2013-4513 [ozwpan: buffer overflow in write syscall]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux 3.12-1 (unimportant)
+ [wheezy] - linux <not-affected> (Affected code not present yet)
+ - linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2c65cd2e14ada6de44cb527e7f1990bede24e15
- TODO: check
-CVE-2013-4512 [buffer overflow in write syscall]
+ NOTE: Not enabled in Debian kernels; staging drivers are not supported
+CVE-2013-4512 [buffer overflow in proc code]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux <unfixed> (low)
+ - linux-2.6 <removed> (low)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=201f99f170df14ba52ea4c52847779042b7a623b
- NOTE: linux/3.12 contains the fix
- TODO: check, only arch/um/kernel/exitcode.c
CVE-2013-4511
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d
- NOTE: linux/3.12 contains the fix (not yet in unstable)
- TODO: check
CVE-2013-4510 [File extension not santized]
RESERVED
{DSA-2791-1}
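Review bot: CVE-2013-4512 and CVE-2013-4511 stay `<unfixed>` while both lose their "linux/3.12 contains the fix" NOTE, so after this change neither entry records where the fix landed, even though the four entries above are set to `linux 3.12-1` in the same commit. If 3.12-1 carries these two fixes as well, record it as the fixed version; if not, keep the NOTE until an upload does. For CVE-2013-4512 the dropped TODO was also the only mention of arch/um/kernel/exitcode.c; a NOTE carrying that scope would justify the new (low) rating. As a style point, CVE-2013-4516 and CVE-2013-4514 could get a driver prefix in their descriptions, as CVE-2013-4515 (bcm:) and CVE-2013-4513 (ozwpan:) now have.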
@@ -5287,8 +5285,7 @@
NOTE: Patch: http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the ...)
- linux 3.11.6-2
- - linux-2.6 <removed>
- TODO: check linux-2.6
+ - linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-4347 [Uses poor PRNG]
RESERVED
- python-oauth2 <unfixed> (low; bug #722657)
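Review bot: the new `linux-2.6 <not-affected> (Introduced in 3.2)` line for CVE-2013-4348 gives no reference for where the vulnerable code in skb_flow_dissect was introduced, and it replaces a TODO that asked for exactly that check. Add a NOTE with the introducing upstream commit, or a short summary of the version analysis, so the not-affected status can be verified later.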
@@ -13505,7 +13502,9 @@
RESERVED
CVE-2013-1418 [multi-realm KDC null dereference leads to crash]
RESERVED
- - krb5 <unfixed> (bug #728845)
+ - krb5 <unfixed> (low; bug #728845)
+ [squeeze] - krb5 <no-dsa> (Minor issue)
+ [wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
NOTE: https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
CVE-2013-1417
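Review bot: the two `<no-dsa> (Minor issue)` lines added for squeeze and wheezy under CVE-2013-1418 do not say why a KDC crash is considered minor. The entry's description limits the bug to multi-realm KDCs; putting that condition in the reason, or in a NOTE, would make the triage decision reviewable without opening the upstream ticket.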
@@ -14309,8 +14308,10 @@
[squeeze] - linux-2.6 <not-affected> (CEPH was introduced in 2.6.34)
CVE-2013-1058
RESERVED
+ NOT-FOR-US: Ubuntu MAAS
CVE-2013-1057
RESERVED
+ NOT-FOR-US: Ubuntu MAAS
CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local ...)
- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
CVE-2013-1055
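Review bot: both `NOT-FOR-US: Ubuntu MAAS` lines sit under entries (CVE-2013-1058, CVE-2013-1057) that are still RESERVED and have no description, so the product attribution cannot be checked from the list itself. A reference to the source of the assignment, in the entry or in the commit log, would let a later reader confirm it.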