[Secure-testing-commits] r28791 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Sep 15 17:37:40 UTC 2014


Author: carnil
Date: 2014-09-15 17:37:40 +0000 (Mon, 15 Sep 2014)
New Revision: 28791

Modified:
   data/CVE/list
Log:
Three CVE assigned for linux/libceph issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-15 17:35:19 UTC (rev 28790)
+++ data/CVE/list	2014-09-15 17:37:40 UTC (rev 28791)
@@ -1,9 +1,14 @@
-CVE-2014-XXXX [libceph: do not hard code max auth ticket len]
-	- linux <unfixed>
-	- linux-2.6 <removed>
-	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
-	NOTE: http://tracker.ceph.com/issues/8979
-	TODO: check
+CVE-2014-6418 [libceph: missing validation of the auth reply]
+       - linux <unfixed>
+       - linux-2.6 <removed>
+       NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit
+       NOTE: http://tracker.ceph.com/issues/8979
+CVE-2014-6417 [libceph: incorrect handling of kmalloc failures]
+       - linux <unfixed>
+       - linux-2.6 <removed>
+       NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit
+       NOTE: http://tracker.ceph.com/issues/8979
+CVE-2014-6416 [libceph: buffer overflow]
 CVE-2014-6410 [udf: Avoid infinite loop when processing indirect ICBs]
 	- linux <unfixed>
 	- linux-2.6 <removed>




More information about the Secure-testing-commits mailing list