[kernel-sec-discuss] r3494 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Sep 17 21:39:47 UTC 2014


Author: benh
Date: 2014-09-17 21:39:46 +0000 (Wed, 17 Sep 2014)
New Revision: 3494

Modified:
   active/CVE-2014-3181
   active/CVE-2014-3182
   active/CVE-2014-3183
   active/CVE-2014-3184
   active/CVE-2014-3185
   active/CVE-2014-3186
   active/CVE-2014-3601
   active/CVE-2014-4171
   active/CVE-2014-4608
   active/CVE-2014-5077
   active/CVE-2014-5471
   active/CVE-2014-5472
   active/CVE-2014-6416
   active/CVE-2014-6417
   active/CVE-2014-6418
Log:
Mark issues fixed/pending in 3.2.63, 3.16.2, 3.16.3 and corresponding Debian versions


Modified: active/CVE-2014-3181
===================================================================
--- active/CVE-2014-3181	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3181	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,7 +6,7 @@
 upstream: released (3.17-rc3) [c54def7bd64d7c0b6993336abcffb8444795bf38]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: needed
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security: N/A "Vulnerable code not present"
 3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.2-upstream-stable: released (3.2.63)

Modified: active/CVE-2014-3182
===================================================================
--- active/CVE-2014-3182	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3182	2014-09-17 21:39:46 UTC (rev 3494)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (3.17-rc2) [ad3e14d7c5268c2e24477c6ef54bbdf88add5d36]
 2.6.32-upstream-stable:
-sid: needed
-3.2-wheezy-security:
+sid: released (3.16.2-2)
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
-3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)

Modified: active/CVE-2014-3183
===================================================================
--- active/CVE-2014-3183	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3183	2014-09-17 21:39:46 UTC (rev 3494)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (3.17-rc2) [6817ae225cd650fb1c3295d769298c38b1eba818]
 2.6.32-upstream-stable:
-sid: needed
-3.2-wheezy-security:
+sid: released (3.16.2-2)
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
-3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)

Modified: active/CVE-2014-3184
===================================================================
--- active/CVE-2014-3184	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3184	2014-09-17 21:39:46 UTC (rev 3494)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (3.17-rc2) [6817ae225cd650fb1c3295d769298c38b1eba818]
 2.6.32-upstream-stable:
-sid: needed
-3.2-wheezy-security:
+sid: released (3.16.2-2)
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
-3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)

Modified: active/CVE-2014-3185
===================================================================
--- active/CVE-2014-3185	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3185	2014-09-17 21:39:46 UTC (rev 3494)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (3.17-rc3) [6817ae225cd650fb1c3295d769298c38b1eba818]
 2.6.32-upstream-stable:
-sid: needed
-3.2-wheezy-security:
+sid: released (3.16.2-2)
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
-3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.16-upstream-stable: released (3.16.2)
+3.2-upstream-stable: released (3.2.63)

Modified: active/CVE-2014-3186
===================================================================
--- active/CVE-2014-3186	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3186	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,7 +6,7 @@
 upstream: released (3.17-rc3) [844817e47eef14141cf59b8d5ac08dd11c0a9189]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: needed
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security: N/A "Vulnerable code not present"
 3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.2-upstream-stable: released (3.2.63)

Modified: active/CVE-2014-3601
===================================================================
--- active/CVE-2014-3601	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-3601	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,7 +6,7 @@
 upstream: released (3.17-rc2) [350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7]
 2.6.32-upstream-stable:
 sid: released (3.16.2-2)
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
 3.16-upstream-stable: needed
 3.2-upstream-stable: released (3.2.63) [kvm-iommu-fix-the-third-parameter-of-kvm_iommu_put_pages.patch]

Modified: active/CVE-2014-4171
===================================================================
--- active/CVE-2014-4171	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-4171	2014-09-17 21:39:46 UTC (rev 3494)
@@ -9,7 +9,7 @@
 upstream: released (3.16-rc7) [f00cdc6df7d7cfcabb5b740911e6788cb0802bdb, 8e205f779d1443a94b5ae81aa359cb535dd3021e, b1a366500bd537b50c3aad26dc7df083ec03a448]
 2.6.32-upstream-stable: N/A "Vulnerable code introduced later"
 sid: released (3.14.15-1)
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.63-1)
 3.16-upstream-stable: N/A
 2.6.32-squeeze-security: N/A "Vulnerable code introduced later"
 3.2-upstream-stable: released (3.2.62) [shmem-fix-faulting-into-a-hole-while-it-s-punched.patch, shmem-fix-faulting-into-a-hole-not-taking-i_mutex.patch, shmem-fix-splicing-from-a-hole-while-it-s-punched.patch]

Modified: active/CVE-2014-4608
===================================================================
--- active/CVE-2014-4608	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-4608	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,7 +6,7 @@
 upstream: released (3.16-rc3) [206a81c18401c0cde6e579164f752c4b147324ce]
 2.6.32-upstream-stable:
 sid: released (3.14.9-1)
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.63-1)
 3.16-upstream-stable: N/A
 2.6.32-squeeze-security:
 3.2-upstream-stable: released (3.2.61) [lib-lzo-rename-lzo1x_decompress.c-to-lzo1x_decompress_safe.c.patch, lib-lzo-update-lzo-compression-to-current-upstream-version.patch, lzo-properly-check-for-overruns.patch]

Modified: active/CVE-2014-5077
===================================================================
--- active/CVE-2014-5077	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-5077	2014-09-17 21:39:46 UTC (rev 3494)
@@ -8,7 +8,7 @@
 upstream: released (3.16) [1be9a950c646c9092fb3618197f7b6bfb50e82aa]
 2.6.32-upstream-stable: needed
 sid: released (3.14.15-1) [bugfix/all/net-sctp-inherit-auth_capable-on-INIT-collisions.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.63-1)
 3.16-upstream-stable: N/A
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: released (3.2.63) [net-sctp-inherit-auth_capable-on-init-collisions.patch]

Modified: active/CVE-2014-5471
===================================================================
--- active/CVE-2014-5471	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-5471	2014-09-17 21:39:46 UTC (rev 3494)
@@ -5,7 +5,7 @@
 upstream: released (v3.17-rc2) [410dd3cf4c9b36f27ed4542ee18b1af5e68645a4]
 2.6.32-upstream-stable:
 sid: released (3.16.2-2)
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
 3.16-upstream-stable: needed
 3.2-upstream-stable: released (3.2.63) [isofs-fix-unbounded-recursion-when-processing-relocated-directories.patch]

Modified: active/CVE-2014-5472
===================================================================
--- active/CVE-2014-5472	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-5472	2014-09-17 21:39:46 UTC (rev 3494)
@@ -5,7 +5,7 @@
 upstream: released (v3.17-rc2) [410dd3cf4c9b36f27ed4542ee18b1af5e68645a4]
 2.6.32-upstream-stable:
 sid: released (3.16.2-2)
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.63-1)
 2.6.32-squeeze-security:
 3.16-upstream-stable: needed
 3.2-upstream-stable: released (3.2.63) [isofs-fix-unbounded-recursion-when-processing-relocated-directories.patch]

Modified: active/CVE-2014-6416
===================================================================
--- active/CVE-2014-6416	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-6416	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (v3.17-rc5) [c27a3e4d667fdcad3db7b104f75659478e0c68d8]
 2.6.32-upstream-stable: N/A "Introduced in 2.6.34"
-sid: needed
+sid: pending (3.16.3-1)
 3.2-wheezy-security:
 2.6.32-squeeze-security: N/A "Introduced in 2.6.34"
-3.16-upstream-stable: needed
+3.16-upstream-stable: released (3.16.3)
 3.2-upstream-stable:

Modified: active/CVE-2014-6417
===================================================================
--- active/CVE-2014-6417	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-6417	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (v3.17-rc5) [c27a3e4d667fdcad3db7b104f75659478e0c68d8]
 2.6.32-upstream-stable: N/A "Introduced in 2.6.34"
-sid: needed
+sid: pending (3.16.3-1)
 3.2-wheezy-security:
 2.6.32-squeeze-security: N/A "Introduced in 2.6.34"
-3.16-upstream-stable: needed
+3.16-upstream-stable: released (3.16.3)
 3.2-upstream-stable:

Modified: active/CVE-2014-6418
===================================================================
--- active/CVE-2014-6418	2014-09-16 12:00:57 UTC (rev 3493)
+++ active/CVE-2014-6418	2014-09-17 21:39:46 UTC (rev 3494)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (v3.17-rc5) [c27a3e4d667fdcad3db7b104f75659478e0c68d8]
 2.6.32-upstream-stable: N/A "Introduced in 2.6.34"
-sid: needed
+sid: pending (3.16.3-1)
 3.2-wheezy-security:
 2.6.32-squeeze-security: N/A "Introduced in 2.6.34"
-3.16-upstream-stable: needed
+3.16-upstream-stable: released (3.16.3)
 3.2-upstream-stable:




More information about the kernel-sec-discuss mailing list