[Secure-testing-commits] r36829 - in data: . CVE

Fri Sep 25 06:14:03 UTC 2015

Author: carnil
Date: 2015-09-25 06:14:03 +0000 (Fri, 25 Sep 2015)
New Revision: 36829

Modified:
   data/CVE/list
   data/next-oldstable-point-update.txt
Log:
Update some entries from r36824 and following

Rationale: if the source code is present in the source package but not
built or otherwise affecting the build, then it can be marked as
unimportant; not-affected if the vulnerable code is not present at all.

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-09-25 06:12:37 UTC (rev 36828)
+++ data/CVE/list	2015-09-25 06:14:03 UTC (rev 36829)
@@ -2478,7 +2478,6 @@
 	TODO: check
 CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c ...)
 	- linux 4.1.3-1
-	[wheezy] - linux 3.2.71-1
 	[jessie] - linux 3.16.7-ckt11-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
@@ -8428,20 +8427,23 @@
 CVE-2015-4005
 	RESERVED
 CVE-2015-4004 (The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...)
-	- linux <not-affected> (ozwpan driver not built)
+	- linux <unfixed> (unimportant)
+	NOTE: ozwpan driver not built
 	[wheezy] - linux <not-affected> (ozwpan driver not present)
 	- linux-2.6 <not-affected> (ozwpan driver not present)
 	NOTE: https://lkml.org/lkml/2015/5/13/739
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4003 (The oz_usb_handle_ep_data function in ...)
-	- linux <not-affected> (ozwpan driver not built)
+	- linux <unfixed> (unimportant)
+	NOTE: ozwpan driver not built
 	[wheezy] - linux <not-affected> (ozwpan driver not present)
 	- linux-2.6 <not-affected> (ozwpan driver not present)
 	NOTE: https://lkml.org/lkml/2015/5/13/741
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b (v4.1-rc7)
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4002 (drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...)
-	- linux <not-affected> (ozwpan driver not built)
+	- linux <unfixed> (unimportant)
+	NOTE: ozwpan driver not built
 	[wheezy] - linux <not-affected> (ozwpan driver not present)
 	- linux-2.6 <not-affected> (ozwpan driver not present)
 	NOTE: https://lkml.org/lkml/2015/5/13/740
@@ -8450,7 +8452,8 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 (v4.1-rc7)
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4001 (Integer signedness error in the oz_hcd_get_desc_cnf function in ...)
-	- linux <not-affected> (ozwpan driver not built)
+	- linux <unfixed> (unimportant)
+	NOTE: ozwpan driver not built
 	[wheezy] - linux <not-affected> (ozwpan driver not present)
 	- linux-2.6 <not-affected> (ozwpan driver not present)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c (v4.1-rc7)
@@ -53107,14 +53110,14 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the ...)
-	- linux <not-affected> (bcm driver not built)
-	[wheezy] - linux <not-affected> (bcm driver not built)
+	- linux 3.12-1 (unimportant)
+	NOTE: bcm driver not built
 	- linux-2.6 <not-affected> (Affected code not present yet)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in ...)
-	- linux <not-affected> (wlags49_h2 driver not built)
-	[wheezy] - linux <not-affected> (wlags49_h2 driver not built)
+	- linux 3.12-1 (unimportant)
+	NOTE: wlags49_h2 driver not built
 	- linux-2.6 <not-affected> (Affected code not present yet)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported

Modified: data/next-oldstable-point-update.txt
===================================================================
--- data/next-oldstable-point-update.txt	2015-09-25 06:12:37 UTC (rev 36828)
+++ data/next-oldstable-point-update.txt	2015-09-25 06:14:03 UTC (rev 36829)
@@ -21,3 +21,5 @@
 	[wheezy] - pykerberos 1.1+svn4895-1+deb7u1
 CVE-2014-3956
 	[wheezy] - sendmail 8.14.4-4+deb7u1
+CVE-2015-6526
+	[wheezy] - linux 3.2.71-1


