[Secure-testing-commits] r34753 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jun 6 08:10:16 UTC 2015


Author: carnil
Date: 2015-06-06 08:10:16 +0000 (Sat, 06 Jun 2015)
New Revision: 34753

Modified:
   data/CVE/list
Log:
Add CVE-2015-4002/linux

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-06 08:03:48 UTC (rev 34752)
+++ data/CVE/list	2015-06-06 08:10:16 UTC (rev 34753)
@@ -526,8 +526,16 @@
 	RESERVED
 CVE-2015-4003
 	RESERVED
-CVE-2015-4002
+CVE-2015-4002 [ozwpan: lack of a check for whether a length value (elt->length or len) was too small]
 	RESERVED
+	- linux <unfixed> (unimportant)
+	[wheezy] - linux <not-affected> (ozwpan driver not present)
+	- linux-2.6 <not-affected> (ozwpan driver not present)
+	NOTE: https://lkml.org/lkml/2015/5/13/740
+	NOTE: https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e
+	NOTE: https://lkml.org/lkml/2015/5/13/742
+	NOTE: https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8
+	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4001 [ozwpan: Use unsigned ints to prevent heap overflow]
 	RESERVED
 	- linux <unfixed> (unimportant)




More information about the Secure-testing-commits mailing list