[kernel-sec-discuss] r3455 - active
Ben Hutchings
benh at moszumanska.debian.org
Wed Jul 30 02:17:41 UTC 2014
Author: benh
Date: 2014-07-30 02:17:41 +0000 (Wed, 30 Jul 2014)
New Revision: 3455
Modified:
active/CVE-2014-3534
active/CVE-2014-4171
active/CVE-2014-4667
active/CVE-2014-4943
Log:
Update release status of various issues
Modified: active/CVE-2014-3534
===================================================================
--- active/CVE-2014-3534 2014-07-23 00:13:11 UTC (rev 3454)
+++ active/CVE-2014-3534 2014-07-30 02:17:41 UTC (rev 3455)
@@ -10,9 +10,9 @@
bwh> ("s390/uaccess: always run the kernel in home space") made that
bwh> the default (I think).
Bugs:
-upstream: pending (3.16-rc7) [dab6cf55f81a6e16b8147aed9a843e1691dcd318]
+upstream: released (3.16-rc7) [dab6cf55f81a6e16b8147aed9a843e1691dcd318]
2.6.32-upstream-stable: N/A ("vulnerable code not present")
-sid: needed
-3.2-wheezy-security: needed
+sid: released (3.14.13-2) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
+3.2-wheezy-security: released (3.2.60-1+deb7u3) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
2.6.32-squeeze-security: N/A ("vulnerable code not present")
3.2-upstream-stable: needed
Modified: active/CVE-2014-4171
===================================================================
--- active/CVE-2014-4171 2014-07-23 00:13:11 UTC (rev 3454)
+++ active/CVE-2014-4171 2014-07-30 02:17:41 UTC (rev 3455)
@@ -3,13 +3,10 @@
Notes:
jmm> Initial patch (f00cdc6df7d7cfcabb5b740911e6788cb0802bdb) was wrong:
jmm> https://lkml.org/lkml/2014/7/2/518
- bwh> Additional fixes required on top of that initial patch are
- bwh> "shmem: fix faulting into a hole, not taking i_mutex" and
- bwh> "shmem: fix splicing from a hole while it's punched", neither of
- bwh> which has been applied by Linus yet. Hugh says Linux 3.1+ need
- bwh> these fixes but it's not known whether earlier versions do.
+ bwh> Hugh says Linux 3.1+ need these fixes but it's not known whether
+ bwh> earlier versions do.
Bugs:
-upstream: needed
+upstream: released (3.16-rc7) [f00cdc6df7d7cfcabb5b740911e6788cb0802bdb, 8e205f779d1443a94b5ae81aa359cb535dd3021e, b1a366500bd537b50c3aad26dc7df083ec03a448]
2.6.32-upstream-stable: N/A "Vulnerable code introduced later"
sid: needed
3.2-wheezy-security:
Modified: active/CVE-2014-4667
===================================================================
--- active/CVE-2014-4667 2014-07-23 00:13:11 UTC (rev 3454)
+++ active/CVE-2014-4667 2014-07-30 02:17:41 UTC (rev 3455)
@@ -5,6 +5,6 @@
upstream: released (v3.16-rc1) [d3217b15a19a4779c39b212358a5c71d725822ee]
2.6.32-upstream-stable: pending (2.6.32.64)
sid: released (3.14.9-1)
-3.2-wheezy-security:
+3.2-wheezy-security: released (3.2.60-1+deb7u3) [bugfix/all/sctp-fix-sk_ack_backlog-wrap-around-problem.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze8)
3.2-upstream-stable: released (3.2.61) [sctp-fix-sk_ack_backlog-wrap-around-problem.patch]
Modified: active/CVE-2014-4943
===================================================================
--- active/CVE-2014-4943 2014-07-23 00:13:11 UTC (rev 3454)
+++ active/CVE-2014-4943 2014-07-30 02:17:41 UTC (rev 3455)
@@ -2,9 +2,9 @@
References:
Notes:
Bugs:
-upstream: pending [3cf521f7dc87c031617fd47e4b7aa2593c2f3daf]
+upstream: released (3.16-rc6) [3cf521f7dc87c031617fd47e4b7aa2593c2f3daf]
2.6.32-upstream-stable: needed
sid: released (3.14.13-1) [bugfix/all/net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: released (3.2.60-1+deb7u3) [bugfix/all/net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch]
2.6.32-squeeze-security: needed
3.2-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list