[kernel-sec-discuss] r4430 - active
Ben Hutchings
benh at moszumanska.debian.org
Sat Jun 11 00:22:25 UTC 2016
Author: benh
Date: 2016-06-11 00:22:20 +0000 (Sat, 11 Jun 2016)
New Revision: 4430
Modified:
active/CVE-2016-0758
active/CVE-2016-2117
active/CVE-2016-2187
active/CVE-2016-3070
active/CVE-2016-3961
active/CVE-2016-4485
active/CVE-2016-4486
active/CVE-2016-4565
active/CVE-2016-4580
active/CVE-2016-4581
active/CVE-2016-4913
Log:
Mark issues pending for {3.2,3.16}-upstream-stable
Modified: active/CVE-2016-0758
===================================================================
--- active/CVE-2016-0758 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-0758 2016-06-11 00:22:20 UTC (rev 4430)
@@ -5,7 +5,7 @@
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1300257
upstream: released (4.6) [23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [keys-fix-asn.1-indefinite-length-object-parsing.patch]
3.2-upstream-stable: N/A "Vulnerable code introduced by 42d5ec27f873c654a68f7f865dcd7737513e9508 (3.10-rc1)
sid: released (4.5.4-1) [bugfix/all/KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch]
3.16-jessie-security: N/A "Vulnerable code is not built"
Modified: active/CVE-2016-2117
===================================================================
--- active/CVE-2016-2117 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-2117 2016-06-11 00:22:20 UTC (rev 4430)
@@ -6,7 +6,7 @@
Notes:
Bugs:
upstream: released (4.6-rc5) [f43bfaeddc79effbf3d0fcb53ca477cca66f3db8]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [atl2-disable-unimplemented-scatter-gather-feature.patch]
3.2-upstream-stable: N/A ("scatter/gather cannot be enabled")
sid: released (4.5.2-1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch]
3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch]
Modified: active/CVE-2016-2187
===================================================================
--- active/CVE-2016-2187 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-2187 2016-06-11 00:22:20 UTC (rev 4430)
@@ -4,8 +4,8 @@
Notes:
Bugs:
upstream: released (4.6-rc5) [162f98dea487206d9ab79fc12ed64700667a894d]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch]
+3.2-upstream-stable: pending (3.2.81) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch]
sid: released (4.5.2-1) [bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch]
3.16-jessie-security: needed
3.2-wheezy-security: needed
Modified: active/CVE-2016-3070
===================================================================
--- active/CVE-2016-3070 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-3070 2016-06-11 00:22:20 UTC (rev 4430)
@@ -7,7 +7,7 @@
bwh> -> account_page_dirtied() -> trace_writeback_dirty_page()
Bugs:
upstream: released (4.4-rc1) [42cb14b110a5698ccf26ce59c4441722605a3743]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [mm-migrate-dirty-page-without-clear_page_dirty_for_io-etc.patch]
3.2-upstream-stable: N/A ("Vulnerable code not present")
sid: released (4.4.2-1)
3.16-jessie-security: needed
Modified: active/CVE-2016-3961
===================================================================
--- active/CVE-2016-3961 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-3961 2016-06-11 00:22:20 UTC (rev 4430)
@@ -4,8 +4,8 @@
Notes:
Bugs:
upstream: released (4.6-rc5) [103f6112f253017d7062cd74d17f4a514ed4485c]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch]
+3.2-upstream-stable: pending (3.2.81) [hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch]
sid: released (4.5.2-1) [bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch]
3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]
3.2-wheezy-security: pending (3.2.80-1) [bugfix/all/hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]
Modified: active/CVE-2016-4485
===================================================================
--- active/CVE-2016-4485 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4485 2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
Notes:
Bugs:
upstream: released (4.6) [b8670c09f37bdf2847cc44f36511a53afc6161fd]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [net-fix-infoleak-in-llc.patch]
+3.2-upstream-stable: pending (3.2.81) [net-fix-infoleak-in-llc.patch]
sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-llc.patch]
3.16-jessie-security: needed
3.2-wheezy-security: needed
Modified: active/CVE-2016-4486
===================================================================
--- active/CVE-2016-4486 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4486 2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
Notes:
Bugs:
upstream: released (4.6) [5f8e44741f9f216e33736ea4ec65ca9ac03036e6]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [net-fix-infoleak-in-rtnetlink.patch]
+3.2-upstream-stable: pending (3.2.81) [net-fix-infoleak-in-rtnetlink.patch]
sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-rtnetlink.patch]
3.16-jessie-security: needed
3.2-wheezy-security: needed
Modified: active/CVE-2016-4565
===================================================================
--- active/CVE-2016-4565 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4565 2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
Notes:
Bugs:
upstream: released (4.6-rc6) [e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [ib-security-restrict-use-of-the-write-interface.patch]
+3.2-upstream-stable: pending (3.2.81) [ib-security-restrict-use-of-the-write-interface.patch]
sid: released (4.5.3-1)
3.16-jessie-security: needed
3.2-wheezy-security: needed
Modified: active/CVE-2016-4580
===================================================================
--- active/CVE-2016-4580 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4580 2016-06-11 00:22:20 UTC (rev 4430)
@@ -4,8 +4,8 @@
For 4.5.x fixed in f7ee286fab0b55bf5908978c94e50d52e627b3ac
Bugs:
upstream: released (4.6) [79e48650320e6fba48369fccf13fd045315b19b8]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: pending (3.16.36) [net-fix-a-kernel-infoleak-in-x25-module.patch]
+3.2-upstream-stable: pending (3.2.81) [net-fix-a-kernel-infoleak-in-x25-module.patch]
sid: released (4.5.5-1)
3.16-jessie-security:
3.2-wheezy-security:
Modified: active/CVE-2016-4581
===================================================================
--- active/CVE-2016-4581 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4581 2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
Notes:
Bugs:
upstream: released (4.6-rc7) [5ec0811d30378ae104f250bfc9b3640242d81e3f]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch, propogate_mnt-handle-the-first-propogated-copy-being-a-slave.patch]
3.2-upstream-stable: N/A "Vulnerable code introduced with f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (3.15-rc1)"
sid: released (4.5.4-1)
-3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/propogate_mnt-Handle-the-first-propogated-copy-being.patch]
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch, bugfix/all/propogate_mnt-Handle-the-first-propogated-copy-being.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2016-4913
===================================================================
--- active/CVE-2016-4913 2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4913 2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
Notes:
Bugs:
upstream: released (4.6) [99d825822eade8d827a1817357cbf3f889a552d6]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [get_rock_ridge_filename-handle-malformed-nm-entries.patch]
+3.2-upstream-stable: pending (3.2.81) [get_rock_ridge_filename-handle-malformed-nm-entries.patch]
sid: released (4.5.4-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-nm-entries.patch]
3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]
3.2-wheezy-security: pending (3.2.80-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]
More information about the kernel-sec-discuss
mailing list