[kernel-sec-discuss] r3663 - active

[Ben Hutchings]

Author: benh
Date: 2015-01-30 05:29:56 +0000 (Fri, 30 Jan 2015)
New Revision: 3663

Modified:
   active/CVE-2014-9419
   active/CVE-2015-1421
Log:
Mark issues pending for 2.6.32

Modified: active/CVE-2014-9419
===================================================================
--- active/CVE-2014-9419	2015-01-29 18:07:10 UTC (rev 3662)
+++ active/CVE-2014-9419	2015-01-30 05:29:56 UTC (rev 3663)
@@ -1,15 +1,14 @@
 Description: x86_64: userspace address leak
 References:
 Notes:
- bwh> This depends on fixes to FPU context management that have not been
- bwh> applied to 2.6.32.y.  We probably can't fix it there, except by
- bwh> picking only commit b3b0870ef3ff ("i387: do not preload FPU state at
- bwh> task switch time") which will hurt FP performance.
+ bwh> This depends on fixes to FPU/SSE state management from Linux 3.3
+ bwh> and earlier that have not been applied to 2.6.32.y.  It seemed like
+ bwh> a good idea to apply those fixes anyway, so I'm trying that.
 Bugs:
 upstream: released (v3.19-rc1) [f647d7c155f069c1a068030255c300663516420e]
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1)
 3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch]
 3.16-upstream-stable: released (3.16.7-ckt4)
 3.2-upstream-stable:

Modified: active/CVE-2015-1421
===================================================================
--- active/CVE-2015-1421	2015-01-29 18:07:10 UTC (rev 3662)
+++ active/CVE-2015-1421	2015-01-30 05:29:56 UTC (rev 3663)
@@ -8,6 +8,6 @@
 2.6.32-upstream-stable: needed
 sid: needed
 3.2-wheezy-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed