[Secure-testing-commits] r35204 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Sun Jun 28 22:16:23 UTC 2015
Author: benh
Date: 2015-06-28 22:16:22 +0000 (Sun, 28 Jun 2015)
New Revision: 35204
Modified:
data/CVE/list
Log:
Triage various issues for linux-2.6/squeeze as <no-dsa> or <not-affected>
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-28 22:00:34 UTC (rev 35203)
+++ data/CVE/list 2015-06-28 22:16:22 UTC (rev 35204)
@@ -2981,6 +2981,7 @@
- linux 4.0.2-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/4
CVE-2015-3988 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack ...)
@@ -3960,6 +3961,7 @@
NOTE: added as workaround until linux >= 4.0.2-1 migrates to testing
[jessie] - linux 3.16.7-ckt11-1
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 (v4.1-rc2)
NOTE: https://lkml.org/lkml/2011/5/13/382
CVE-2015-3459 (Hospira Lifecare PCA infusion pump running "SW ver 412" does not ...)
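Review bot: The new [squeeze] line states "Vulnerable code not present", but the NOTE lines in this entry record only the upstream fix (v4.1-rc2) and a 2011 lkml link, with nothing saying which release introduced the code. Suggest adding a NOTE that names the introducing commit or version, so the not-affected status can be checked against the squeeze kernel.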
@@ -7001,6 +7003,7 @@
- linux 3.16.7-ckt9-1
[wheezy] - linux <no-dsa> (btrfs in 3.2 is just a tech preview and not usable for production)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...)
@@ -18360,6 +18363,7 @@
- linux 3.13.4-1
[wheezy] - linux <no-dsa> (Too intrusive to backport)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee5cc2702929fd41cce28058dc6d6717f723f87 (v3.13-rc1)
CVE-2014-8171 [kernel: memcg: OOM handling DoS]
RESERVED
@@ -19360,8 +19364,8 @@
CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through ...)
- linux 3.16.7-1
[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
- - linux-2.6 <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (User namespaces only usable in later kernels)
NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/109312
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 (v3.18-rc1)
CVE-2014-7970 (The pivot_root implementation in fs/namespace.c in the Linux kernel ...)
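Review bot: The removed unscoped "- linux-2.6 <not-affected> (...)" line sat directly above a second unscoped "- linux-2.6 <removed>" line, so the old entry carried two statuses for the same package. Replacing it with a [squeeze]-scoped line is a correction to existing data rather than new triage, and the log message mentions only triage. Suggest noting the cleanup in the log so the change to an existing status is easy to find later.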
@@ -19518,7 +19522,8 @@
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
- linux 3.16.7-ckt2-1
[wheezy] - linux <not-affected> (Affected feature not enabled)
- - linux-2.6 <removed> (unimportant)
+ - linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Affected feature not enabled)
NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
CVE-2014-7824 (D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and ...)
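Review bot: The "(unimportant)" marker is dropped from the "- linux-2.6 <removed>" line, which the log message does not mention; a word in the log on why would help. Separately, the new [squeeze] reason is backed by the NOTE "CONFIG_FTRACE_SYSCALL not enabled in squeeze", but the [wheezy] line uses the same reason and the NOTE names only squeeze, so consider extending the NOTE to cover wheezy as well.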