[Secure-testing-commits] r29005 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Sep 24 15:36:50 UTC 2014


Author: jmm
Date: 2014-09-24 15:36:50 +0000 (Wed, 24 Sep 2014)
New Revision: 29005

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
linux fixes for 7.7 point update


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-24 14:48:22 UTC (rev 29004)
+++ data/CVE/list	2014-09-24 15:36:50 UTC (rev 29005)
@@ -1572,12 +1572,14 @@
 CVE-2014-6418 [libceph: missing validation of the auth reply]
 	RESERVED
 	- linux 3.16.3-1
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
 	NOTE: http://tracker.ceph.com/issues/8979
 CVE-2014-6417 [libceph: issue of incorrect handling of kmalloc failures]
 	RESERVED
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux 3.16.3-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
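Review bot: In the CVE-2014-6417 entry the new `[wheezy] - linux <no-dsa>` line is inserted directly after RESERVED, ahead of `- linux 3.16.3-1`, whereas in CVE-2014-6418 just above, and in every other entry this commit touches, it follows the unstable `- linux` line. Suggest moving it below `- linux 3.16.3-1` so the release-specific annotation sits after the package line it qualifies and the entries stay uniform.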
@@ -1586,6 +1588,7 @@
 CVE-2014-6416 [libceph: buffer overflow]
 	RESERVED
 	- linux 3.16.3-1
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
@@ -1596,6 +1599,7 @@
 CVE-2014-6410 [udf: Avoid infinite loop when processing indirect ICBs]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65 (v3.17-rc5)
 CVE-2012-6657 [net: guard tcp_set_keepalive against crash]
@@ -3729,12 +3733,14 @@
 	NOT-FOR-US: TimThumb
 CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
 	- linux 3.16.2-1
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
 	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
 	NOTE: commit contained first in v3.17-rc2
 CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal ...)
 	- linux 3.16.2-1
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
 	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
@@ -4656,6 +4662,7 @@
 	[squeeze] - cairo <no-dsa> (Minor issue)
 CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ...)
 	- linux 3.14.15-1
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
 CVE-2014-5043
@@ -6782,6 +6789,7 @@
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
 CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly ...)
 	- linux 3.14.15-1
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lkml.org/lkml/2014/7/2/518
 CVE-2014-4170
@@ -9328,36 +9336,42 @@
 CVE-2014-3186 [PicoLCD HID device driver pool overflow]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101
 	NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3)
 CVE-2014-3185 [Linux Kernel Buffer Overflow in Whiteheat USB Serial Driver]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98
 	NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3)
 CVE-2014-3184 [Linux kernel HID report fixup multiple off-by-one issues]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91
 	NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2)
 CVE-2014-3183 [Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap overflow]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90
 	NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2)
 CVE-2014-3182 [Linux kernel hid-logitech-dj.c device_index arbitrary kfree]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89
 	NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2)
 CVE-2014-3181 [Magic Mouse HID device driver overflow]
 	RESERVED
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100
 	NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3)
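Review bot: CVE-2014-3186 at the top of this hunk is marked `[wheezy] - linux <no-dsa> (Will be fixed in next point release)`, but the data/next-point-update.txt change in the same commit lists CVE-2014-3181 through CVE-2014-3185 and has no CVE-2014-3186 entry. Either add CVE-2014-3186 with `[wheezy] - linux 3.2.63-1` there or, if 3.2.63-1 does not carry that fix, reword the annotation so the two files agree.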

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2014-09-24 14:48:22 UTC (rev 29004)
+++ data/next-point-update.txt	2014-09-24 15:36:50 UTC (rev 29005)
@@ -12,4 +12,33 @@
 	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
 CVE-2012-6151
 	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
-
+CVE-2014-3181
+	[wheezy] - linux 3.2.63-1
+CVE-2014-3182
+	[wheezy] - linux 3.2.63-1
+CVE-2014-3183
+	[wheezy] - linux 3.2.63-1
+CVE-2014-3184
+	[wheezy] - linux 3.2.63-1
+CVE-2014-3185
+	[wheezy] - linux 3.2.63-1
+CVE-2014-3601
+	[wheezy] - linux 3.2.63-1
+CVE-2014-4171
+	[wheezy] - linux 3.2.63-1
+CVE-2014-4608
+	[wheezy] - linux 3.2.63-1
+CVE-2014-5077
+	[wheezy] - linux 3.2.63-1
+CVE-2014-5471
+	[wheezy] - linux 3.2.63-1
+CVE-2014-5472
+	[wheezy] - linux 3.2.63-1
+CVE-2014-6410
+	[wheezy] - linux 3.2.63-1
+CVE-2014-6416
+	[wheezy] - linux 3.2.63-1
+CVE-2014-6417
+	[wheezy] - linux 3.2.63-1
+CVE-2014-6418
+	[wheezy] - linux 3.2.63-1
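Review bot: CVE-2014-3601 and CVE-2014-4608 are added here with `[wheezy] - linux 3.2.63-1`, but no hunk of the data/CVE/list change in this commit touches either entry, unlike the other thirteen CVEs in this list. Worth confirming that both already carry the wheezy `<no-dsa>` point-release annotation in data/CVE/list; if they do not, add it in the same commit so the tracker and this file stay in sync.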



