[Secure-testing-commits] r36824 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Fri Sep 25 00:06:59 UTC 2015
Author: benh
Date: 2015-09-25 00:06:59 +0000 (Fri, 25 Sep 2015)
New Revision: 36824
Modified:
data/CVE/list
Log:
Triage linux/linux-2.6 issues
Various issues are in code we don't ship, or were fixed before the CVE
assignment and without a DSA.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-24 21:10:12 UTC (rev 36823)
+++ data/CVE/list 2015-09-25 00:06:59 UTC (rev 36824)
@@ -2478,8 +2478,10 @@
TODO: check
CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c ...)
- linux 4.1.3-1
- [wheezy] - linux <not-affected> (No ppc64 yet)
- - linux-2.6 <not-affected> (No ppc64 yet)
+ [wheezy] - linux 3.2.71-1
+ [jessie] - linux 3.16.7-ckt11-1
+ - linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
NOTE: http://www.openwall.com/lists/oss-security/2015/08/18/4
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 (v4.1-rc1)
TODO: check which ppc64 kernel support perf
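Review bot: the trailing "TODO: check which ppc64 kernel support perf" is left in place although this hunk now records fixed versions for wheezy (3.2.71-1) and jessie (3.16.7-ckt11-1) and gives squeeze a final status. If the question has been answered, drop the TODO so the entry stops showing as pending. If it is still open, say which suite it applies to. The wheezy line also flips from not-affected ("No ppc64 yet") to a fixed version, and a short NOTE explaining that reversal would help later readers.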
@@ -8421,20 +8423,20 @@
CVE-2015-4005
RESERVED
CVE-2015-4004 (The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...)
- - linux <unfixed> (unimportant)
+ - linux <not-affected> (ozwpan driver not built)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
NOTE: https://lkml.org/lkml/2015/5/13/739
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4003 (The oz_usb_handle_ep_data function in ...)
- - linux <unfixed> (unimportant)
+ - linux <not-affected> (ozwpan driver not built)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
NOTE: https://lkml.org/lkml/2015/5/13/741
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b (v4.1-rc7)
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4002 (drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...)
- - linux <unfixed> (unimportant)
+ - linux <not-affected> (ozwpan driver not built)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
NOTE: https://lkml.org/lkml/2015/5/13/740
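Review bot: the new "- linux <not-affected> (ozwpan driver not built)" lines depend on a build-configuration fact that the entry does not make checkable. The existing NOTE says only "Not enabled in Debian kernels", without naming the Kconfig symbol. The CVE-2014-0038 entry in this same file names CONFIG_X86_X32 and a bug number for the equivalent claim; doing the same here would let the triage be re-verified if the kernel config changes. This matters most for CVE-2015-4004, which has no upstream fix commit noted, so the not-affected status rests entirely on the driver staying disabled. Keeping "not built" for unstable distinct from "not present" for wheezy and linux-2.6 is a useful distinction and should stay.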
@@ -8443,7 +8445,7 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 (v4.1-rc7)
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4001 (Integer signedness error in the oz_hcd_get_desc_cnf function in ...)
- - linux <unfixed> (unimportant)
+ - linux <not-affected> (ozwpan driver not built)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c (v4.1-rc7)
@@ -15568,6 +15570,8 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/14
CVE-2015-XXXX [Linux ASLR mmap weakness: Reducing entropy by half]
- linux 4.0.2-1
+ [wheezy] - linux <no-dsa> (Minor issue)
+ [jessie] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
NOTE: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
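Review bot: the added "[wheezy] - linux <no-dsa> (Minor issue)" and "[jessie] - linux <no-dsa> (Minor issue)" lines give no rationale, and neither reason in the log message (code not shipped, or fixed before the CVE assignment) obviously covers an ASLR weakness left open in two suites. A few words on why halving mmap entropy is considered minor, or whether the fix is expected through a point release, would make the decision auditable. While touching this entry, the squeeze line's reason "powerpc not supported in Squeeze LTS" reads as if carried over from a powerpc-specific entry; please confirm it is the intended reason for this issue.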
@@ -46835,6 +46839,7 @@
NOTE: https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel ...)
- linux 3.13.4-1 (unimportant)
+ [wheezy] - linux <not-affected> (Introduced in 3.4+)
- linux-2.6 <not-affected> (Introduced in 3.4+)
NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
NOTE: Debian does not enable CONFIG_X86_X32, see #708070
@@ -53094,12 +53099,14 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the ...)
- - linux 3.12-1 (unimportant)
+ - linux <not-affected> (bcm driver not built)
+ [wheezy] - linux <not-affected> (bcm driver not built)
- linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in ...)
- - linux 3.12-1 (unimportant)
+ - linux <not-affected> (wlags49_h2 driver not built)
+ [wheezy] - linux <not-affected> (wlags49_h2 driver not built)
- linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
NOTE: Not enabled in Debian kernels; staging drivers are not supported
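Review bot: replacing "- linux 3.12-1 (unimportant)" with "- linux <not-affected> (... driver not built)" for CVE-2013-4515 and CVE-2013-4514 drops the only record of the Debian version in which the source picked up the upstream fix. Anyone rebuilding the package with the bcm or wlags49_h2 staging driver enabled can no longer tell from the entry which source versions are safe. Consider preserving that in a NOTE, for example "NOTE: source fixed in 3.12-1". The new "[wheezy] ... not built" lines are consistent with the existing "Not enabled in Debian kernels" NOTE.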
@@ -68347,9 +68354,8 @@
- lighttpd 1.4.31-2
[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
- - linux 3.8.11-1 (unimportant)
+ - linux-tools <not-affected> (userspace daemon not built until later)
- linux-2.6 <not-affected> (userspace daemon not yet present)
- NOTE: hyperv tools are not build in sid
CVE-2012-5531 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn ...)
NOT-FOR-US: GateIn Portal
CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot ...)
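Review bot: in the CVE-2012-5532 entry, the new reason "userspace daemon not built until later" does not say later than what. The removed lines "- linux 3.8.11-1 (unimportant)" and "NOTE: hyperv tools are not build in sid" were the only version and build-status details on record. Since the entry also moves from the linux package to linux-tools, please state the linux-tools version in which the hyperv daemon was first built, so a reader can confirm that version already contained the fix.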