[Secure-testing-commits] r26924 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed May 14 19:23:02 UTC 2014


Author: carnil
Date: 2014-05-14 19:23:01 +0000 (Wed, 14 May 2014)
New Revision: 26924

Modified:
   data/CVE/list
Log:
Add CVE-2012-6647/linux

The fix for 3.2.x is contained in 3.2.27, the first version in Debian
containing the comit thus is 3.2.29-1.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-14 15:47:59 UTC (rev 26923)
+++ data/CVE/list	2014-05-14 19:23:01 UTC (rev 26924)
@@ -1214,6 +1214,11 @@
 	RESERVED
 CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
 	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2012-6647 [forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference]
+	- linux 3.2.29-1
+	- linux-2.6 <removed>
+	NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
+	NOTE: Introduced in https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122
 CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)
 	NOT-FOR-US: F-Secure
 CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]




More information about the Secure-testing-commits mailing list