[kernel-sec-discuss] r3163 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Dec 2 04:21:05 UTC 2013 

Author: benh
Date: 2013-12-02 04:20:00 +0000 (Mon, 02 Dec 2013)
New Revision: 3163

Modified:
   active/CVE-2012-2372
   active/CVE-2013-4563
   active/CVE-2013-6381
   active/CVE-2013-6382
Log:
Mark issues with cherry-picked fixes pending for sid

Modified: active/CVE-2012-2372
===================================================================
--- active/CVE-2012-2372	2013-12-02 02:51:10 UTC (rev 3162)
+++ active/CVE-2012-2372	2013-12-02 04:20:00 UTC (rev 3163)
@@ -7,10 +7,12 @@
  jmm> https://patchwork.kernel.org/patch/1493571/
  jmm> Different patch, also not merged upstream:
  jmm> https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8
+ bwh> Real fix seems to be:
+ bwh> http://patchwork.ozlabs.org/patch/293827/
 Bugs:
 upstream: needed "no upstream fix as of 2013.11.21"
 2.6.32-upstream-stable:
-sid: ignored "no upstream fix as of 2013.11.21"
+sid: pending (3.11.10-1) [bugfix/all/rds-prevent-bug_on-triggered-by-congestion-update-to-loopback.patch]
 3.2-wheezy-security: ignored (3.2.41-2+deb7u1) "no upstream fix as of 2013.11.21"
 2.6.32-squeeze-security: ignored (2.6.32-48squeeze2) "no upstream fix as of 2013.11.21"
 3.2-upstream-stable:

Modified: active/CVE-2013-4563
===================================================================
--- active/CVE-2013-4563	2013-12-02 02:51:10 UTC (rev 3162)
+++ active/CVE-2013-4563	2013-12-02 04:20:00 UTC (rev 3163)
@@ -4,7 +4,7 @@
 Bugs:
 upstream: released (3.13-rc1) [0e033e04c2678dbbe74a46b23fffb7bb918c288e]
 2.6.32-upstream-stable: N/A "Introduced in 3.10 with 1e2bd517c108816220f262d7954b697af03b5f9c"
-sid: needed
+sid: pending (3.11.10-1) [bugfix/all/ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch]
 3.2-wheezy-security: N/A "Introduced in 3.10 with 1e2bd517c108816220f262d7954b697af03b5f9c"
 2.6.32-squeeze-security: N/A "Introduced in 3.10 with 1e2bd517c108816220f262d7954b697af03b5f9c"
 3.2-upstream-stable: N/A "Introduced in 3.10 with 1e2bd517c108816220f262d7954b697af03b5f9c"

Modified: active/CVE-2013-6381
===================================================================
--- active/CVE-2013-6381	2013-12-02 02:51:10 UTC (rev 3162)
+++ active/CVE-2013-6381	2013-12-02 04:20:00 UTC (rev 3163)
@@ -4,7 +4,7 @@
 Bugs:
 upstream: released (3.13-rc1) [6fb392b1a63ae36c31f62bc3fc8630b49d602b62]
 2.6.32-upstream-stable: needed
-sid: needed
+sid: pending (3.11.10-1) [bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch]
 3.2-wheezy-security: needed
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed

Modified: active/CVE-2013-6382
===================================================================
--- active/CVE-2013-6382	2013-12-02 02:51:10 UTC (rev 3162)
+++ active/CVE-2013-6382	2013-12-02 04:20:00 UTC (rev 3163)
@@ -5,7 +5,7 @@
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: needed
-sid: needed
+sid: pending (3.11.10-1) [bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch]
 3.2-wheezy-security: needed
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed

More information about the kernel-sec-discuss mailing list