[Secure-testing-commits] r33544 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Sun Apr 12 21:25:13 UTC 2015
Author: benh
Date: 2015-04-12 21:25:13 +0000 (Sun, 12 Apr 2015)
New Revision: 33544
Modified:
data/CVE/list
Log:
Mark various kernel issues as unfixed or no-dsa in squeeze and wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-12 20:24:14 UTC (rev 33543)
+++ data/CVE/list 2015-04-12 21:25:13 UTC (rev 33544)
@@ -456,7 +456,9 @@
CVE-2015-2922 [IPv6 Hop limit lowering via RA messages]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
CVE-2015-2829
RESERVED
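Review bot: the two added `<unfixed>` lines for CVE-2015-2922 give a reader nothing to check them against, because the entry's only NOTE is the upstream commit URL, with no release tag and no "Introduced by" reference. Tagging that NOTE with the upstream release, as the CVE-2015-2830 entry does with "(v4.0-rc3)", and adding an "Introduced by" NOTE where the origin is known, would show that the wheezy and squeeze kernels actually carry the affected code.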
@@ -501,7 +503,9 @@
CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
@@ -1949,6 +1953,7 @@
RESERVED
- linux 3.2.20-1
- linux-2.6 3.2.1-1
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
NOTE: 3.2.20-1 is the first version after the src:linux-2.6 -> src:linux rename.
@@ -2977,6 +2982,7 @@
CVE-2015-2042 [incorrect data type in rds_sysctl_rds_table]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Minor issue)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 (v3.19)
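Review bot: the new `[wheezy] - linux <no-dsa> (Minor issue)` line for CVE-2015-2042 copies the squeeze reason verbatim and does not say why the issue is minor. A reason tied to the entry's own description (the incorrect data type in rds_sysctl_rds_table) would help whoever picks this up for a later update. The same applies to the identical wheezy line added for CVE-2015-2041 in the next hunk.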
@@ -2984,6 +2990,7 @@
CVE-2015-2041 [incorrect data type in llc2_timeout_table]
RESERVED
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Minor issue)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
@@ -3697,6 +3704,7 @@
{DSA-3170-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
CVE-2013-7436 [session hijack through insecurely set session token cookies]
RESERVED
@@ -12589,7 +12597,9 @@
NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html
CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before ...)
- linux 3.16.7-ckt9-1
+ [wheezy] - linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...)
{DSA-3138-1 DLA-138-1}
- jasper 1.900.1-debian1-2.4 (bug #775970)
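Review bot: CVE-2014-8159 is now marked `<unfixed>` for both wheezy and squeeze, but unlike the other kernel entries touched in this commit it has no NOTE pointing at an upstream fix. If a fix commit is available, add a `NOTE: Upstream fix:` line alongside these two status lines so the patch to backport can be found from the entry itself.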
@@ -25110,6 +25120,7 @@
- linux 3.16.2-2
[wheezy] - linux 3.2.63-1
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91
NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2)
CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request function in ...)