[Secure-testing-commits] r30593 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Dec 8 17:40:39 UTC 2014 

Author: carnil
Date: 2014-12-08 17:40:39 +0000 (Mon, 08 Dec 2014)
New Revision: 30593

Modified:
   data/CVE/list
Log:
Record fixed version for linux upload to unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-08 16:21:52 UTC (rev 30592)
+++ data/CVE/list	2014-12-08 17:40:39 UTC (rev 30593)
@@ -819,7 +819,7 @@
 	RESERVED
 	- libjpeg-turbo 1:1.3.1-11 (bug #768369)
 CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6)
 CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
@@ -2041,7 +2041,7 @@
 	- sosreport 3.2-2 (bug #769521)
 	NOTE: https://github.com/sosreport/sos/issues/425
 CVE-2014-8884 (Stack-based buffer overflow in the ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1)
 CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain ...)
@@ -3069,7 +3069,7 @@
 CVE-2014-8370
 	RESERVED
 CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	- linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not applied)
 	NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
 	NOTE: Fixed by: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
@@ -3783,7 +3783,7 @@
 	- tigervnc <itp> (bug #650394)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
 CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
 CVE-2014-8089
@@ -4307,7 +4307,7 @@
 CVE-2014-7844
 	RESERVED
 CVE-2014-7843 (The __clear_user function in arch/arm64/lib/clear_user.S in the Linux ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	[wheezy] - linux <not-affected> (arm64 support introduced in 3.7)
 	- linux-2.6 <not-affected> (arm64 support introduced in 3.7)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1163744
@@ -4318,7 +4318,7 @@
 	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
 CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	- linux-2.6 <removed>
 	NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5)
 CVE-2014-7840 [insufficient parameter validation during ram load]
@@ -4383,13 +4383,13 @@
 CVE-2014-7827
 	RESERVED
 CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
 	NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1)
 CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
-	- linux <unfixed>
+	- linux 3.16.7-ckt2-1
 	- linux-2.6 <removed> (unimportant)
 	NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)

More information about the Secure-testing-commits mailing list