[Secure-testing-commits] r26729 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Apr 28 16:57:46 UTC 2014
Author: jmm
Date: 2014-04-28 16:57:46 +0000 (Mon, 28 Apr 2014)
New Revision: 26729
Modified:
data/CVE/list
data/DSA/list
Log:
linux-2.6 updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-28 16:45:19 UTC (rev 26728)
+++ data/CVE/list 2014-04-28 16:57:46 UTC (rev 26729)
@@ -621,7 +621,7 @@
NOTE: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in ...)
- linux <unfixed> (low)
- - linux-2.6 <removed> (low)
+ - linux-2.6 <not-affected> (Introduced in 3.0)
NOTE: https://lkml.org/lkml/2014/4/10/736
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
CVE-2014-2830 [cifs-utils: pam module pam_cifscreds stack overflow]
@@ -869,7 +869,7 @@
CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in ...)
- linux 3.13.7-1
[wheezy] - linux 3.2.57-1
- - linux-2.6 <removed>
+ - linux-2.6 <not-affected> (Introduced in 3.0)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8
CVE-2014-2669 (Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL ...)
{DSA-2865-1}
@@ -2669,6 +2669,7 @@
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the ...)
- linux 3.2.29-1
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 2.6.32-47
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the ...)
{DSA-2906-1}
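Review bot: The added "[squeeze] - linux-2.6 2.6.32-47" line for CVE-2012-6638 records a fixed version, but the entry carries no {DSA-...} tag and no NOTE saying through which upload the fix reached squeeze. A short NOTE on how 2.6.32-47 picked up the tcp_rcv_state_process fix would make the entry auditable; the only reference present is the upstream commit.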
@@ -7766,7 +7767,7 @@
CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in ...)
- linux 3.13.6-1
[wheezy] - linux 3.2.57-1
- - linux-2.6 <removed>
+ - linux-2.6 <not-affected> (Introduced in 3.1)
NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2
CVE-2014-0130
RESERVED
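Review bot: For CVE-2014-0131 the new "<not-affected> (Introduced in 3.1)" line rests on the least documentation of any entry touched here, since the only NOTE is a netdev mailing-list post and neither the fix commit nor the introducing change is referenced. Please add a NOTE identifying the change in 3.1 that brought in the affected skb_segment code path, so the claim that linux-2.6 never contained it can be checked.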
@@ -9957,7 +9958,7 @@
NOTE: Potential code execution
CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kernel ...)
- linux 3.6.4-1~experimental.1
- - linux-2.6 <removed>
+ - linux-2.6 <not-affected> (Introduced in 2.6.38)
[wheezy] - linux 3.2.53-1
NOTE: https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
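Review bot: In the CVE-2013-6282 entry the linux-2.6 line now sits between "- linux 3.6.4-1~experimental.1" and "[wheezy] - linux 3.2.53-1", so the wheezy annotation follows a linux-2.6 line instead of the linux line it qualifies. This was already the order before the change, but the other entries edited in this commit (CVE-2014-2672, CVE-2014-0131) keep the [wheezy] line directly under its linux line and put linux-2.6 last. Since the line is being rewritten anyway, moving it below the [wheezy] line would keep the entries consistent and unambiguous to read.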
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2014-04-28 16:45:19 UTC (rev 26728)
+++ data/DSA/list 2014-04-28 16:57:46 UTC (rev 26729)
@@ -36,7 +36,7 @@
[16 Apr 2014] DSA-2907-1 squeeze end-of-life
NOTE: end of security support for squeeze
[24 Apr 2014] DSA-2906-1 linux-2.6 - several
- {CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-2929 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4511 CVE-2013-4512 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039 CVE-2014-2523}
+ {CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-2929 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4511 CVE-2013-4512 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2013-6378}
[squeeze] - linux-2.6 2.6.32-48squeeze5
[15 Apr 2014] DSA-2905-1 chromium-browser - security update
{CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723 CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727 CVE-2014-1728 CVE-2014-1729}
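Review bot: CVE-2013-6378 is appended after CVE-2014-2523 at the end of the DSA-2906-1 list, while every other identifier in that list is in ascending order; placing it between CVE-2013-6367 and CVE-2013-6380 would keep the list sorted and easier to diff. Also, the data/CVE/list part of this commit does not touch a CVE-2013-6378 entry, so it is worth confirming that entry agrees with the squeeze version 2.6.32-48squeeze5 recorded here.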