[Secure-testing-commits] r26924 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed May 14 19:23:02 UTC 2014
Author: carnil
Date: 2014-05-14 19:23:01 +0000 (Wed, 14 May 2014)
New Revision: 26924
Modified:
data/CVE/list
Log:
Add CVE-2012-6647/linux
The fix for 3.2.x is contained in 3.2.27, the first version in Debian
containing the comit thus is 3.2.29-1.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-14 15:47:59 UTC (rev 26923)
+++ data/CVE/list 2014-05-14 19:23:01 UTC (rev 26924)
@@ -1214,6 +1214,11 @@
RESERVED
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
NOT-FOR-US: F-Secure Anti-Virus
+CVE-2012-6647 [forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference]
+ - linux 3.2.29-1
+ - linux-2.6 <removed>
+ NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
+ NOTE: Introduced in https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122
CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)
NOT-FOR-US: F-Secure
CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
More information about the Secure-testing-commits
mailing list