[kernel-sec-discuss] r2637 - active retired
Ben Hutchings
benh at alioth.debian.org
Mon Mar 12 03:20:34 UTC 2012
Author: benh
Date: 2012-03-12 03:20:33 +0000 (Mon, 12 Mar 2012)
New Revision: 2637
Added:
retired/CVE-2011-1576
retired/CVE-2011-2203
retired/CVE-2011-3638
retired/CVE-2011-4097
retired/CVE-2011-4127
retired/CVE-2011-4132
retired/CVE-2011-4330
retired/CVE-2011-4611
retired/CVE-2012-0028
Removed:
active/CVE-2011-1576
active/CVE-2011-2203
active/CVE-2011-3638
active/CVE-2011-4097
active/CVE-2011-4127
active/CVE-2011-4132
active/CVE-2011-4330
active/CVE-2011-4611
active/CVE-2012-0028
Log:
Retire issues marked as N/A, released or ignored in all branches
Deleted: active/CVE-2011-1576
===================================================================
--- active/CVE-2011-1576 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-1576 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,10 +0,0 @@
-References:
-Notes:
- jmm> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1576
- jmm> Coulnd't find the patch, pinged Red Hat
-Bugs:
-upstream: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem."
-2.6.32-upstream-stable: released (2.6.32.50) [5aff28abc7e0ec1ddd562372ae4fa01e8e4d4073]
-sid: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem."
-2.6.26-lenny-security: N/A "code not present"
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch]
Deleted: active/CVE-2011-2203
===================================================================
--- active/CVE-2011-2203 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-2203 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,12 +0,0 @@
-Description: HFS NULL deref
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=712774
- https://lkml.org/lkml/2011/6/8/154
- http://thread.gmane.org/gmane.linux.kernel/1191663
-Notes:
-Bugs:
-upstream: released (3.2-rc1) [434a964daa14b9db083ce20404a4a2add54d037a]
-2.6.32-upstream-stable: released (2.6.32.51)
-sid: released (3.1.1-1)
-2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/hfs-fix-hfs_find_init-ext_tree-NULL-ptr-oops.patch]
-2.6.32-squeeze-security: released (2.6.32-40)
Deleted: active/CVE-2011-3638
===================================================================
--- active/CVE-2011-3638 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-3638 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,10 +0,0 @@
-Description: ext4: ext4_ext_insert_extent() DoS
-References:
-Notes:
- jmm> Introduced in 2.6.23
-Bugs:
-upstream: released (3.0) [667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3]
-2.6.32-upstream-stable: released (2.6.32.47) [177353670085c14e1d358db8bf812bd72a9268c7]
-sid: released (3.0-1)
-2.6.26-lenny-security: ignored "end of life"
-2.6.32-squeeze-security: released (2.6.32-40) [bugfix/all/stable/2.6.32.47.patch]
Deleted: active/CVE-2011-4097
===================================================================
--- active/CVE-2011-4097 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-4097 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,10 +0,0 @@
-Description: oom: fix integer overflow of points in oom_badness
-References:
- https://lkml.org/lkml/2011/10/31/138
-Notes:
-Bugs:
-upstream: released (3.2-rc7) [ff05b6f7ae762b6eb464183eec994b28ea09f6dd]
-2.6.32-upstream-stable: N/A "Introduced in 2.6.39"
-sid: released (3.0.0-6) [bugfix/all/oom-fix-integer-overflow-of-points-in-oom_badness.patch]
-2.6.26-lenny-security: N/A "Introduced in 2.6.39"
-2.6.32-squeeze-security: N/A "Introduced in 2.6.39"
Deleted: active/CVE-2011-4127
===================================================================
--- active/CVE-2011-4127 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-4127 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,11 +0,0 @@
-Description: possible privilege escalation via SG_IO ioctl
-References:
- https://lkml.org/lkml/2011/12/22/270
- https://bugzilla.redhat.com/show_bug.cgi?id=752375
-Notes:
-Bugs:
-upstream: released (3.3-rc1) [577ebb374c78314ac4617242f509e2f5e7156649, 0bfc96cb77224736dfa35c3c555d37b3646ef35e, ec8013beddd717d1740cfefb1a9b900deef85462]
-2.6.32-upstream-stable: released (2.6.32.56)
-sid: released (3.1.8-1)
-2.6.32-squeeze-security: released (2.6.32-39squeeze1) [bugfix/all/add-scsi_cmd_blk_ioctl-wrapper.patch, bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices.patch, bugfix/all/treat-lvs-on-one-pv-like-a-partition.patch]
-2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/block-add-and-use-scsi_blk_cmd_ioctl.patch, bugfix/all/block-fail-SCSI-passthrough-ioctls-on-partition-devices.patch, bugfix/all/dm-do-not-forward-ioctls-from-logical-volumes-to-the-underlying-device.patch]
Deleted: active/CVE-2011-4132
===================================================================
--- active/CVE-2011-4132 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-4132 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,10 +0,0 @@
-Description: jbd/jbd2: invalid value of first log block leads to oops
-References:
-Notes:
- jmm> Submitted for 2.6.32.x
-Bugs:
-upstream: released (3.2-rc2) [8762202dd0d6e46854f786bdb6fb3780a1625efe]
-2.6.32-upstream-stable: released (2.6.32.51)
-sid: released (3.1.6-1)
-2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch]
-2.6.32-squeeze-security: released (2.6.32-40)
Deleted: active/CVE-2011-4330
===================================================================
--- active/CVE-2011-4330 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-4330 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,9 +0,0 @@
-Description: hfs: add sanity check for file name length
-References:
-Notes:
-Bugs:
-upstream: released (3.2-rc3) [bc5b8a9003132ae44559edd63a1623]
-2.6.32-upstream-stable: released (2.6.32.49)
-sid: released (3.1.4-1)
-2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/hfs-add-sanity-check-for-file-name-length.patch]
-2.6.32-squeeze-security: released (2.6.32-40) [bugfix/all/stable/2.6.32.49.patch]
Deleted: active/CVE-2011-4611
===================================================================
--- active/CVE-2011-4611 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2011-4611 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,12 +0,0 @@
-Description: perf, powerpc: Handle events that raise an exception without overflowing
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4611
-Notes:
- jmm> Additional to what's in RH this also seems to need ad5d5292f16c6c1d7d3e257c4c7407594286b97e
- jmm> and d819437156fd99da61d4e1402b2dbfc5cc472265 from 3.0
-Bugs:
-upstream: released (3.0) [0837e3242c73566fc1c0196b4ec61779c25ffc93, ad5d5292f16c6c1d7d3e257c4c7407594286b97e, d819437156fd99da61d4e1402b2dbfc5cc472265]
-2.6.32-upstream-stable: released (2.6.32.42) [3a579b0ce569d5738120d74bdcc8f76b740c97c4,24fb3f4cf3de9955eae325d421047c0f2dd6b48f]
-sid: released (3.0.0-1)
-2.6.26-lenny-security: ignored "end of life"
-2.6.32-squeeze-security: released (2.6.32-36) [bugfix/all/stable/2.6.32.34.patch, bugfix/all/stable/2.6.32.34.patch]
Deleted: active/CVE-2012-0028
===================================================================
--- active/CVE-2012-0028 2012-03-12 03:18:22 UTC (rev 2636)
+++ active/CVE-2012-0028 2012-03-12 03:20:33 UTC (rev 2637)
@@ -1,10 +0,0 @@
-Description: futex: clear robust_list on execve
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=771764
-Notes:
-Bugs:
-upstream: released (2.6.32) [8141c7f3e7aee618312fa1c15109e1219de784a7, fc6b177dee33365ccb29fe6d2092223cf8d679f9]
-2.6.32-upstream-stable: N/A "Fixed before initial release"
-sid: released (2.6.32-1)
-2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/move-exit_robust_list-into-mm_release.patch, bugfix/all/futex-nullify-robust-lists-after-cleanup.patch]
-2.6.32-squeeze-security: N/A "Fixed before initial release"
Copied: retired/CVE-2011-1576 (from rev 2632, active/CVE-2011-1576)
===================================================================
--- retired/CVE-2011-1576 (rev 0)
+++ retired/CVE-2011-1576 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,10 @@
+References:
+Notes:
+ jmm> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1576
+ jmm> Coulnd't find the patch, pinged Red Hat
+Bugs:
+upstream: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem."
+2.6.32-upstream-stable: released (2.6.32.50) [5aff28abc7e0ec1ddd562372ae4fa01e8e4d4073]
+sid: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem."
+2.6.26-lenny-security: N/A "code not present"
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch]
Copied: retired/CVE-2011-2203 (from rev 2630, active/CVE-2011-2203)
===================================================================
--- retired/CVE-2011-2203 (rev 0)
+++ retired/CVE-2011-2203 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,12 @@
+Description: HFS NULL deref
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=712774
+ https://lkml.org/lkml/2011/6/8/154
+ http://thread.gmane.org/gmane.linux.kernel/1191663
+Notes:
+Bugs:
+upstream: released (3.2-rc1) [434a964daa14b9db083ce20404a4a2add54d037a]
+2.6.32-upstream-stable: released (2.6.32.51)
+sid: released (3.1.1-1)
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/hfs-fix-hfs_find_init-ext_tree-NULL-ptr-oops.patch]
+2.6.32-squeeze-security: released (2.6.32-40)
Copied: retired/CVE-2011-3638 (from rev 2633, active/CVE-2011-3638)
===================================================================
--- retired/CVE-2011-3638 (rev 0)
+++ retired/CVE-2011-3638 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,10 @@
+Description: ext4: ext4_ext_insert_extent() DoS
+References:
+Notes:
+ jmm> Introduced in 2.6.23
+Bugs:
+upstream: released (3.0) [667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3]
+2.6.32-upstream-stable: released (2.6.32.47) [177353670085c14e1d358db8bf812bd72a9268c7]
+sid: released (3.0-1)
+2.6.26-lenny-security: ignored "end of life"
+2.6.32-squeeze-security: released (2.6.32-40) [bugfix/all/stable/2.6.32.47.patch]
Copied: retired/CVE-2011-4097 (from rev 2634, active/CVE-2011-4097)
===================================================================
--- retired/CVE-2011-4097 (rev 0)
+++ retired/CVE-2011-4097 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,10 @@
+Description: oom: fix integer overflow of points in oom_badness
+References:
+ https://lkml.org/lkml/2011/10/31/138
+Notes:
+Bugs:
+upstream: released (3.2-rc7) [ff05b6f7ae762b6eb464183eec994b28ea09f6dd]
+2.6.32-upstream-stable: N/A "Introduced in 2.6.39"
+sid: released (3.0.0-6) [bugfix/all/oom-fix-integer-overflow-of-points-in-oom_badness.patch]
+2.6.26-lenny-security: N/A "Introduced in 2.6.39"
+2.6.32-squeeze-security: N/A "Introduced in 2.6.39"
Copied: retired/CVE-2011-4127 (from rev 2631, active/CVE-2011-4127)
===================================================================
--- retired/CVE-2011-4127 (rev 0)
+++ retired/CVE-2011-4127 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,11 @@
+Description: possible privilege escalation via SG_IO ioctl
+References:
+ https://lkml.org/lkml/2011/12/22/270
+ https://bugzilla.redhat.com/show_bug.cgi?id=752375
+Notes:
+Bugs:
+upstream: released (3.3-rc1) [577ebb374c78314ac4617242f509e2f5e7156649, 0bfc96cb77224736dfa35c3c555d37b3646ef35e, ec8013beddd717d1740cfefb1a9b900deef85462]
+2.6.32-upstream-stable: released (2.6.32.56)
+sid: released (3.1.8-1)
+2.6.32-squeeze-security: released (2.6.32-39squeeze1) [bugfix/all/add-scsi_cmd_blk_ioctl-wrapper.patch, bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices.patch, bugfix/all/treat-lvs-on-one-pv-like-a-partition.patch]
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/block-add-and-use-scsi_blk_cmd_ioctl.patch, bugfix/all/block-fail-SCSI-passthrough-ioctls-on-partition-devices.patch, bugfix/all/dm-do-not-forward-ioctls-from-logical-volumes-to-the-underlying-device.patch]
Copied: retired/CVE-2011-4132 (from rev 2630, active/CVE-2011-4132)
===================================================================
--- retired/CVE-2011-4132 (rev 0)
+++ retired/CVE-2011-4132 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,10 @@
+Description: jbd/jbd2: invalid value of first log block leads to oops
+References:
+Notes:
+ jmm> Submitted for 2.6.32.x
+Bugs:
+upstream: released (3.2-rc2) [8762202dd0d6e46854f786bdb6fb3780a1625efe]
+2.6.32-upstream-stable: released (2.6.32.51)
+sid: released (3.1.6-1)
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch]
+2.6.32-squeeze-security: released (2.6.32-40)
Copied: retired/CVE-2011-4330 (from rev 2630, active/CVE-2011-4330)
===================================================================
--- retired/CVE-2011-4330 (rev 0)
+++ retired/CVE-2011-4330 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,9 @@
+Description: hfs: add sanity check for file name length
+References:
+Notes:
+Bugs:
+upstream: released (3.2-rc3) [bc5b8a9003132ae44559edd63a1623]
+2.6.32-upstream-stable: released (2.6.32.49)
+sid: released (3.1.4-1)
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/hfs-add-sanity-check-for-file-name-length.patch]
+2.6.32-squeeze-security: released (2.6.32-40) [bugfix/all/stable/2.6.32.49.patch]
Copied: retired/CVE-2011-4611 (from rev 2630, active/CVE-2011-4611)
===================================================================
--- retired/CVE-2011-4611 (rev 0)
+++ retired/CVE-2011-4611 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,12 @@
+Description: perf, powerpc: Handle events that raise an exception without overflowing
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4611
+Notes:
+ jmm> Additional to what's in RH this also seems to need ad5d5292f16c6c1d7d3e257c4c7407594286b97e
+ jmm> and d819437156fd99da61d4e1402b2dbfc5cc472265 from 3.0
+Bugs:
+upstream: released (3.0) [0837e3242c73566fc1c0196b4ec61779c25ffc93, ad5d5292f16c6c1d7d3e257c4c7407594286b97e, d819437156fd99da61d4e1402b2dbfc5cc472265]
+2.6.32-upstream-stable: released (2.6.32.42) [3a579b0ce569d5738120d74bdcc8f76b740c97c4,24fb3f4cf3de9955eae325d421047c0f2dd6b48f]
+sid: released (3.0.0-1)
+2.6.26-lenny-security: ignored "end of life"
+2.6.32-squeeze-security: released (2.6.32-36) [bugfix/all/stable/2.6.32.34.patch, bugfix/all/stable/2.6.32.34.patch]
Copied: retired/CVE-2012-0028 (from rev 2630, active/CVE-2012-0028)
===================================================================
--- retired/CVE-2012-0028 (rev 0)
+++ retired/CVE-2012-0028 2012-03-12 03:20:33 UTC (rev 2637)
@@ -0,0 +1,10 @@
+Description: futex: clear robust_list on execve
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=771764
+Notes:
+Bugs:
+upstream: released (2.6.32) [8141c7f3e7aee618312fa1c15109e1219de784a7, fc6b177dee33365ccb29fe6d2092223cf8d679f9]
+2.6.32-upstream-stable: N/A "Fixed before initial release"
+sid: released (2.6.32-1)
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/move-exit_robust_list-into-mm_release.patch, bugfix/all/futex-nullify-robust-lists-after-cleanup.patch]
+2.6.32-squeeze-security: N/A "Fixed before initial release"
More information about the kernel-sec-discuss
mailing list