[kernel-sec-discuss] r4430 - active

Ben Hutchings benh at moszumanska.debian.org
Sat Jun 11 00:22:25 UTC 2016


Author: benh
Date: 2016-06-11 00:22:20 +0000 (Sat, 11 Jun 2016)
New Revision: 4430

Modified:
   active/CVE-2016-0758
   active/CVE-2016-2117
   active/CVE-2016-2187
   active/CVE-2016-3070
   active/CVE-2016-3961
   active/CVE-2016-4485
   active/CVE-2016-4486
   active/CVE-2016-4565
   active/CVE-2016-4580
   active/CVE-2016-4581
   active/CVE-2016-4913
Log:
Mark issues pending for {3.2,3.16}-upstream-stable

Modified: active/CVE-2016-0758
===================================================================
--- active/CVE-2016-0758	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-0758	2016-06-11 00:22:20 UTC (rev 4430)
@@ -5,7 +5,7 @@
 Bugs:
  https://bugzilla.redhat.com/show_bug.cgi?id=1300257
 upstream: released (4.6) [23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [keys-fix-asn.1-indefinite-length-object-parsing.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced by 42d5ec27f873c654a68f7f865dcd7737513e9508 (3.10-rc1)
 sid: released (4.5.4-1) [bugfix/all/KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch]
 3.16-jessie-security: N/A "Vulnerable code is not built"
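
Review bot: the unchanged 3.2-upstream-stable context line in this hunk opens a quote before "Vulnerable code introduced by 42d5ec27f873c654a68f7f865dcd7737513e9508 (3.10-rc1)" and never closes it. Since the file is being touched anyway, add the closing quote, and consider the parenthesised N/A ("...") form used in active/CVE-2016-2117 so the reason is written the same way across files.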

Modified: active/CVE-2016-2117
===================================================================
--- active/CVE-2016-2117	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-2117	2016-06-11 00:22:20 UTC (rev 4430)
@@ -6,7 +6,7 @@
 Notes:
 Bugs:
 upstream: released (4.6-rc5) [f43bfaeddc79effbf3d0fcb53ca477cca66f3db8]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [atl2-disable-unimplemented-scatter-gather-feature.patch]
 3.2-upstream-stable: N/A ("scatter/gather cannot be enabled")
 sid: released (4.5.2-1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch]

Modified: active/CVE-2016-2187
===================================================================
--- active/CVE-2016-2187	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-2187	2016-06-11 00:22:20 UTC (rev 4430)
@@ -4,8 +4,8 @@
 Notes:
 Bugs:
 upstream: released (4.6-rc5) [162f98dea487206d9ab79fc12ed64700667a894d]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch]
+3.2-upstream-stable: pending (3.2.81) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch]
 sid: released (4.5.2-1) [bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch]
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2016-3070
===================================================================
--- active/CVE-2016-3070	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-3070	2016-06-11 00:22:20 UTC (rev 4430)
@@ -7,7 +7,7 @@
  bwh> -> account_page_dirtied() -> trace_writeback_dirty_page()
 Bugs:
 upstream: released (4.4-rc1) [42cb14b110a5698ccf26ce59c4441722605a3743]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [mm-migrate-dirty-page-without-clear_page_dirty_for_io-etc.patch]
 3.2-upstream-stable: N/A ("Vulnerable code not present")
 sid: released (4.4.2-1)
 3.16-jessie-security: needed

Modified: active/CVE-2016-3961
===================================================================
--- active/CVE-2016-3961	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-3961	2016-06-11 00:22:20 UTC (rev 4430)
@@ -4,8 +4,8 @@
 Notes:
 Bugs:
 upstream: released (4.6-rc5) [103f6112f253017d7062cd74d17f4a514ed4485c]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch]
+3.2-upstream-stable: pending (3.2.81) [hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch]
 sid: released (4.5.2-1) [bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]
 3.2-wheezy-security: pending (3.2.80-1) [bugfix/all/hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]

Modified: active/CVE-2016-4485
===================================================================
--- active/CVE-2016-4485	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4485	2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.6) [b8670c09f37bdf2847cc44f36511a53afc6161fd]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [net-fix-infoleak-in-llc.patch]
+3.2-upstream-stable: pending (3.2.81) [net-fix-infoleak-in-llc.patch]
 sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-llc.patch]
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2016-4486
===================================================================
--- active/CVE-2016-4486	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4486	2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.6) [5f8e44741f9f216e33736ea4ec65ca9ac03036e6]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [net-fix-infoleak-in-rtnetlink.patch]
+3.2-upstream-stable: pending (3.2.81) [net-fix-infoleak-in-rtnetlink.patch]
 sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-rtnetlink.patch]
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2016-4565
===================================================================
--- active/CVE-2016-4565	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4565	2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.6-rc6) [e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [ib-security-restrict-use-of-the-write-interface.patch]
+3.2-upstream-stable: pending (3.2.81) [ib-security-restrict-use-of-the-write-interface.patch]
 sid: released (4.5.3-1)
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2016-4580
===================================================================
--- active/CVE-2016-4580	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4580	2016-06-11 00:22:20 UTC (rev 4430)
@@ -4,8 +4,8 @@
  For 4.5.x fixed in f7ee286fab0b55bf5908978c94e50d52e627b3ac
 Bugs:
 upstream: released (4.6) [79e48650320e6fba48369fccf13fd045315b19b8]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: pending (3.16.36) [net-fix-a-kernel-infoleak-in-x25-module.patch]
+3.2-upstream-stable: pending (3.2.81) [net-fix-a-kernel-infoleak-in-x25-module.patch]
 sid: released (4.5.5-1)
 3.16-jessie-security:
 3.2-wheezy-security:
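
Review bot: the trailing context lines "3.16-jessie-security:" and "3.2-wheezy-security:" are still empty after this change, while the other files in this revision carry an explicit status for the Debian branches. With net-fix-a-kernel-infoleak-in-x25-module.patch now recorded for both upstream stable branches, fill in those two lines as well (for example "needed", or N/A with a reason) so the issue does not read as untriaged for jessie and wheezy.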

Modified: active/CVE-2016-4581
===================================================================
--- active/CVE-2016-4581	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4581	2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.6-rc7) [5ec0811d30378ae104f250bfc9b3640242d81e3f]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch, propogate_mnt-handle-the-first-propogated-copy-being-a-slave.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced with f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (3.15-rc1)"
 sid: released (4.5.4-1)
-3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/propogate_mnt-Handle-the-first-propogated-copy-being.patch]
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch, bugfix/all/propogate_mnt-Handle-the-first-propogated-copy-being.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"
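
Review bot: the last changed line of this hunk edits 3.16-jessie-security, adding bugfix/all/fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch to the 3.16.7-ckt25-2+deb8u1 entry, but the log message only mentions {3.2,3.16}-upstream-stable. Mention the jessie-security update in the log or commit it separately, so the history shows when the second patch was recorded for jessie.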

Modified: active/CVE-2016-4913
===================================================================
--- active/CVE-2016-4913	2016-06-10 06:45:29 UTC (rev 4429)
+++ active/CVE-2016-4913	2016-06-11 00:22:20 UTC (rev 4430)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.6) [99d825822eade8d827a1817357cbf3f889a552d6]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.36) [get_rock_ridge_filename-handle-malformed-nm-entries.patch]
+3.2-upstream-stable: pending (3.2.81) [get_rock_ridge_filename-handle-malformed-nm-entries.patch]
 sid: released (4.5.4-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-nm-entries.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]
 3.2-wheezy-security: pending (3.2.80-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]



