[kernel-sec-discuss] r2308 - active
Dann Frazier
dannf at alioth.debian.org
Tue May 17 06:08:57 UTC 2011
Author: dannf
Date: 2011-05-17 06:08:55 +0000 (Tue, 17 May 2011)
New Revision: 2308
Added:
active/rose-CALL_REQUEST-length-checks
Modified:
active/CVE-2011-1493
Log:
Mitre considers this two issues, but only one has a CVE assigned
Modified: active/CVE-2011-1493
===================================================================
--- active/CVE-2011-1493 2011-05-17 00:43:33 UTC (rev 2307)
+++ active/CVE-2011-1493 2011-05-17 06:08:55 UTC (rev 2308)
@@ -2,10 +2,9 @@
Description: multiple missing input validation in ROSE
References:
Notes:
- jmm> Only be20 was merged into 2.6.32.37 and 2.6.38.3 stable
Bugs:
-upstream: released (2.6.39-rc1) [be20250c13f88375345ad99950190685eda51eb8, e0bccd315db0c2f919e7fcf9cb60db21d9986f52]
+upstream: released (2.6.39-rc1) [be20250c13f88375345ad99950190685eda51eb8]
2.6.32-upstream-stable: needed
linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
\ No newline at end of file
+2.6.32-squeeze-security: needed
Added: active/rose-CALL_REQUEST-length-checks
===================================================================
--- active/rose-CALL_REQUEST-length-checks (rev 0)
+++ active/rose-CALL_REQUEST-length-checks 2011-05-17 06:08:55 UTC (rev 2308)
@@ -0,0 +1,14 @@
+Candidate:
+Description: rose: Add length checks to CALL_REQUEST parsing
+References:
+ http://marc.info/?l=linux-netdev&m=130063972406389&w=2
+Notes:
+ dannf> mitre decided this should be separate than CVE-2010-1493,
+ dannf> but CVE ID assignment is still pending:
+ http://www.openwall.com/lists/oss-security/2011/04/12/1
+Bugs:
+upstream: released (2.6.39-rc1) [e0bccd315db0c2f919e7fcf9cb60db21d9986f52]
+2.6.32-upstream-stable: needed
+linux-2.6:
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
More information about the kernel-sec-discuss
mailing list