[kernel-sec-discuss] r5075 - active

Ben Hutchings benh at moszumanska.debian.org
Tue Mar 14 14:27:10 UTC 2017


Author: benh
Date: 2017-03-14 14:27:10 +0000 (Tue, 14 Mar 2017)
New Revision: 5075

Modified:
   active/CVE-2016-10044
   active/CVE-2016-10200
   active/CVE-2016-10208
   active/CVE-2016-6213
   active/CVE-2017-5967
Log:
Mark issues pending for jessie

Modified: active/CVE-2016-10044
===================================================================
--- active/CVE-2016-10044	2017-03-14 14:21:45 UTC (rev 5074)
+++ active/CVE-2016-10044	2017-03-14 14:27:10 UTC (rev 5075)
@@ -18,5 +18,5 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: ignored "changes required are too invasive"
 sid: released (4.7.8-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch]
 3.2-wheezy-security: ignored "changes required are too invasive"

Modified: active/CVE-2016-10200
===================================================================
--- active/CVE-2016-10200	2017-03-14 14:21:45 UTC (rev 5074)
+++ active/CVE-2016-10200	2017-03-14 14:27:10 UTC (rev 5075)
@@ -1,4 +1,4 @@
-Description:
+Description: Race in l2tp binding can lead to use-after-free
 References:
 Notes:
 Bugs:
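
Review bot: `References:` and `Notes:` are still empty in active/CVE-2016-10200 even though this hunk fills in `Description:`. Adding the upstream commit or advisory link under `References:` in the same revision would let a reader confirm that the l2tp patch named on the 3.16-jessie-security line is the fix for this race.
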
@@ -7,5 +7,5 @@
 3.16-upstream-stable: released (3.16.40)
 3.2-upstream-stable: needed
 sid: released (4.8.15-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2016-10208
===================================================================
--- active/CVE-2016-10208	2017-03-14 14:21:45 UTC (rev 5074)
+++ active/CVE-2016-10208	2017-03-14 14:27:10 UTC (rev 5075)
@@ -10,5 +10,5 @@
 3.16-upstream-stable: released (3.16.41) [ext4-validate-s_first_meta_bg-at-mount-time.patch]
 3.2-upstream-stable: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"
 sid: released (4.9.10-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch]
 3.2-wheezy-security: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"

Modified: active/CVE-2016-6213
===================================================================
--- active/CVE-2016-6213	2017-03-14 14:21:45 UTC (rev 5074)
+++ active/CVE-2016-6213	2017-03-14 14:27:10 UTC (rev 5075)
@@ -11,5 +11,5 @@
 3.16-upstream-stable: released (3.16.41) [mnt-add-a-per-mount-namespace-limit-on-the-number-of-mounts.patch]
 3.2-upstream-stable: N/A "Unprivileged users cannot manipulate mounts"
 sid: released (4.8.11-1) [bugfix/all/mnt-Add-a-per-mount-namespace-limit-on-the-number-of.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/mnt-add-a-per-mount-namespace-limit-on-the-number-of.patch]
 3.2-wheezy-security: N/A "Unprivileged users cannot manipulate mounts"
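
Review bot: the patch name on the new 3.16-jessie-security line starts with lower-case `mnt-add-a-per-mount-...`, while the sid line directly above it has `mnt-Add-a-per-mount-...` with a capital A. The 3.16-upstream-stable line also uses lower case, so this may be intentional, but it is worth confirming the name against the jessie patch series so that a case-sensitive lookup of the file succeeds.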

Modified: active/CVE-2017-5967
===================================================================
--- active/CVE-2017-5967	2017-03-14 14:21:45 UTC (rev 5074)
+++ active/CVE-2017-5967	2017-03-14 14:27:10 UTC (rev 5075)
@@ -13,5 +13,5 @@
 3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting"
 3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
 sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
 3.2-wheezy-security: needed
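
Review bot: the new 3.16-jessie-security line names `bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch`, which is a different patch from sid's `debian/time-mark-timer_stats-as-broken.patch`, and both upstream-stable lines say the upstream fix is not suitable for backporting. A short entry in this file's notes stating that jessie carries a different mitigation from sid, and why, would save the next reader from having to compare the two patches.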



