[kernel-sec-discuss] r3751 - active
Ben Hutchings
benh at moszumanska.debian.org
Wed Apr 22 17:19:04 UTC 2015
Author: benh
Date: 2015-04-22 17:19:04 +0000 (Wed, 22 Apr 2015)
New Revision: 3751
Modified:
active/CVE-2011-5321
active/CVE-2012-6689
active/CVE-2014-3184
active/CVE-2014-7825
active/CVE-2014-7826
active/CVE-2014-8159
active/CVE-2014-8171
active/CVE-2014-8172
active/CVE-2014-9683
active/CVE-2014-9710
active/CVE-2014-9715
active/CVE-2015-0239
active/CVE-2015-0275
active/CVE-2015-1420
active/CVE-2015-1593
active/CVE-2015-2041
active/CVE-2015-2042
active/CVE-2015-2150
active/CVE-2015-2666
active/CVE-2015-2830
active/CVE-2015-2922
Log:
Mark issues as N/A for jessie-security and 3.16.y as fixed before their branch point
Modified: active/CVE-2011-5321
===================================================================
--- active/CVE-2011-5321 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2011-5321 2015-04-22 17:19:04 UTC (rev 3751)
@@ -7,6 +7,7 @@
upstream: released (v3.2-rc1) [c290f8358acaeffd8e0c551ddcc24d1206143376]
2.6.32-upstream-stable: needed
sid: released (3.2.1-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: N/A "Fixed before initial release"
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/tty-drop-driver-reference-in-tty_open-fail-path.patch]
3.16-upstream-stable: N/A "Fixed before initial release"
Modified: active/CVE-2012-6689
===================================================================
--- active/CVE-2012-6689 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2012-6689 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,6 +5,7 @@
upstream: released (v3.6-rc5) [20e1db19db5d6b9e4e83021595eab0dc8f107bef]
2.6.32-upstream-stable: needed
sid: released (3.2.30-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: N/A "fixed before wheezy release"
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/netlink-fix-possible-spoofing-from-non-root-processe.patch]
3.16-upstream-stable: N/A "fixed before 3.16"
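Review bot: Style point on the added 3.16-jessie-security line: its reason reads "Fixed before initial release", while the two other N/A lines in this file name what the fix predates ("fixed before wheezy release", "fixed before 3.16") and use lower case. Naming the release here as well, for example "fixed before jessie release", would keep the three reasons consistent and tell the reader which release is meant without looking at the field name.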
Modified: active/CVE-2014-3184
===================================================================
--- active/CVE-2014-3184 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-3184 2015-04-22 17:19:04 UTC (rev 3751)
@@ -6,6 +6,7 @@
upstream: released (3.17-rc2) [4ab25786c87eb20857bbb715c3ae34ec8fd6a214]
2.6.32-upstream-stable: needed
sid: released (3.16.2-2)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.63-1)
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/hid-fix-a-couple-of-off-by-ones.patch]
3.16-upstream-stable: released (3.16.2)
Modified: active/CVE-2014-7825
===================================================================
--- active/CVE-2014-7825 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-7825 2015-04-22 17:19:04 UTC (rev 3751)
@@ -8,6 +8,7 @@
upstream: released (v3.18-rc3) [086ba77a6db00ed858ff07451bedee197df868c9]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt2-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: N/A "CONFIG_FTRACE_SYSCALL not enabled"
2.6.32-squeeze-security: N/A "CONFIG_FTRACE_SYSCALL not enabled"
3.16-upstream-stable: released (3.16.7-ckt1)
Modified: active/CVE-2014-7826
===================================================================
--- active/CVE-2014-7826 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-7826 2015-04-22 17:19:04 UTC (rev 3751)
@@ -9,6 +9,7 @@
upstream: released (v3.18-rc3) [086ba77a6db00ed858ff07451bedee197df868c9]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt2-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: N/A "CONFIG_FTRACE_SYSCALL not enabled"
2.6.32-squeeze-security: N/A "CONFIG_FTRACE_SYSCALL not enabled"
3.16-upstream-stable: released (3.16.7-ckt1)
Modified: active/CVE-2014-8159
===================================================================
--- active/CVE-2014-8159 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-8159 2015-04-22 17:19:04 UTC (rev 3751)
@@ -6,6 +6,7 @@
upstream: released (4.0) [8494057ab5e40df590ef6ef7d66324d3ae33356b]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt9-1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
3.16-upstream-stable: pending (3.16.7-ckt10)
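Review bot: The reason on the added 3.16-jessie-security line does not line up with the log message for this file. 3.16-upstream-stable is still "pending (3.16.7-ckt10)", so 3.16.y did not have the fix before the branch point, and the N/A holds only because sid 3.16.7-ckt9-1 carries bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch. Consider putting that sid version in the reason so it can be checked against the first jessie-security kernel version.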
Modified: active/CVE-2014-8171
===================================================================
--- active/CVE-2014-8171 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-8171 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,8 +5,8 @@
upstream: released (v3.12-rc1) [3812c8c8f3953921ef18544110dafc3505c1ac62], (v3.12-rc6) [4942642080ea82d99ab5b653abb9a12b7ba31f4a]
2.6.32-upstream-stable:
sid:
-3.16-jessie-security:
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security:
2.6.32-squeeze-security:
-3.16-upstream-stable:
+3.16-upstream-stable: N/A "Fixed before initial release"
3.2-upstream-stable:
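Review bot: The sid field is still empty after this hunk, although the upstream line records the fix in v3.12-rc1 and v3.12-rc6 and both 3.16 lines are now marked N/A on that basis. Setting sid in the same change would avoid the file reading as if unstable had not been triaged. The 2.6.32 and 3.2 fields are blank as well; that is outside what the log message covers, but worth a follow-up.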
Modified: active/CVE-2014-8172
===================================================================
--- active/CVE-2014-8172 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-8172 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,7 +5,8 @@
upstream: released (3.13) [eee5cc2702929fd41cce28058dc6d6717f723f87]
2.6.32-upstream-stable:
sid: released (3.13.4-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security:
2.6.32-squeeze-security:
-3.16-upstream-stable: N/A
+3.16-upstream-stable: N/A "Fixed before initial release"
3.2-upstream-stable:
Modified: active/CVE-2014-9683
===================================================================
--- active/CVE-2014-9683 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-9683 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,6 +5,7 @@
upstream: released (v3.19-rc1) [942080643bce061c3dd9d5718d3b745dcb39a8bc]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt4-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.65-1+deb7u2)
2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-.patch]
3.16-upstream-stable: released (3.16.7-ckt4)
Modified: active/CVE-2014-9710
===================================================================
--- active/CVE-2014-9710 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-9710 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,6 +5,7 @@
upstream: released (3.19) [5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339]
2.6.32-upstream-stable:
sid: released (3.16.7-ckt9-1) [bugfix/all/btrfs-make-xattr-replace-operations-atomic.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security:
2.6.32-squeeze-security: ignored "btrfs in squeeze is just a tech preview and not usable for production"
3.16-upstream-stable: needed
Modified: active/CVE-2014-9715
===================================================================
--- active/CVE-2014-9715 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2014-9715 2015-04-22 17:19:04 UTC (rev 3751)
@@ -8,6 +8,7 @@
upstream: released (v3.15-rc1) [223b02d923ecd7c84cf9780bb3686f455d279279]
2.6.32-upstream-stable: N/A "Introduced in 3.6"
sid: released (3.14.5-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/all/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_e.patch]
2.6.32-squeeze-security: N/A "Introduced in 3.6"
3.16-upstream-stable: N/A "Fixed already in v3.15-rc1"
Modified: active/CVE-2015-0239
===================================================================
--- active/CVE-2015-0239 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-0239 2015-04-22 17:19:04 UTC (rev 3751)
@@ -10,6 +10,7 @@
upstream: released (3.19-rc6) [f3747379accba8e95d70cec0eae0582c8c182050]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt4-2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
3.16-upstream-stable: released (3.16.7-ckt6)
Modified: active/CVE-2015-0275
===================================================================
--- active/CVE-2015-0275 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-0275 2015-04-22 17:19:04 UTC (rev 3751)
@@ -7,6 +7,7 @@
upstream: needed
2.6.32-upstream-stable: N/A "vulnerable code not present"
sid: released (3.16.7-ckt9-1) [bugfix/all/ext4-allocate-entire-range-in-zero-range.patch, bugfix/all/ext4-fix-accidental-flag-aliasing-in-ext4_map_blocks.patch, bugfix/all/ext4-fix-zero_range-bug-hidden-by-flag-aliasing.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: N/A "vulnerable code not present"
2.6.32-squeeze-security: N/A "vulnerable code not present"
3.16-upstream-stable: needed
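Review bot: Missing documentation on the added 3.16-jessie-security line: upstream and 3.16-upstream-stable are both "needed" in this file, so the N/A rests entirely on the three ext4 patches listed on the sid line for 3.16.7-ckt9-1. The reason "Fixed before initial release" gives no pointer to them, and once an upstream fix is recorded nobody reading this line would know jessie needs re-checking against it. Suggest referencing the sid version or the patch names in the reason.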
Modified: active/CVE-2015-1420
===================================================================
--- active/CVE-2015-1420 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-1420 2015-04-22 17:19:04 UTC (rev 3751)
@@ -6,6 +6,7 @@
upstream: needed
2.6.32-upstream-stable: N/A "Introduced in 2.6.39 with becfd1f37544798cbdfd788f32c827160fab98c1"
sid: released (3.16.7-ckt7-1) [bugfix/all/vfs-read-file_handle-only-once-in-handle_to_path.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/vfs-read-file_handle-only-once-in-handle_to_path.patch]
2.6.32-squeeze-security: N/A "Introduced in 2.6.39 with becfd1f37544798cbdfd788f32c827160fab98c1"
3.16-upstream-stable: needed
Modified: active/CVE-2015-1593
===================================================================
--- active/CVE-2015-1593 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-1593 2015-04-22 17:19:04 UTC (rev 3751)
@@ -8,6 +8,7 @@
upstream: released (4.0-rc1) [4e7c22d447bb6d7e37bfe39ff658486ae78e8d77]
2.6.32-upstream-stable: pending (2.6.32.66)
sid: released (3.16.7-ckt7-1) [bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch]
3.16-upstream-stable: released (3.16.7-ckt8)
Modified: active/CVE-2015-2041
===================================================================
--- active/CVE-2015-2041 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-2041 2015-04-22 17:19:04 UTC (rev 3751)
@@ -7,6 +7,7 @@
upstream: released (v3.19-rc7) [6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
3.16-upstream-stable: released (3.16.7-ckt8)
Modified: active/CVE-2015-2042
===================================================================
--- active/CVE-2015-2042 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-2042 2015-04-22 17:19:04 UTC (rev 3751)
@@ -7,6 +7,7 @@
upstream: released (v3.19) [db27ebb111e9f69efece08e4cb6a34ff980f8896]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
3.16-upstream-stable: released (3.16.7-ckt8)
Modified: active/CVE-2015-2150
===================================================================
--- active/CVE-2015-2150 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-2150 2015-04-22 17:19:04 UTC (rev 3751)
@@ -6,6 +6,7 @@
upstream: released (4.0-rc4) [af6fc858a35b90e89ea7a7ee58e66628c55c776b]
2.6.32-upstream-stable: N/A "xen-pciback introduced in 3.1"
sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/all/xen-pciback-limit-guest-control-of-command-register.patch]
2.6.32-squeeze-security: N/A "xen-pciback introduced in 3.1"
3.16-upstream-stable: released (3.16.7-ckt9)
Modified: active/CVE-2015-2666
===================================================================
--- active/CVE-2015-2666 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-2666 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,6 +5,7 @@
upstream: released (4.0) [f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4]
2.6.32-upstream-stable: N/A "Introduced in 3.9 with ec400ddeff200b068ddc6c70f7321f49ecf32ed5"
sid: released (3.16.7-ckt9-1) [bugfix/x86/x86-microcode-intel-guard-against-stack-overflow-in-.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: N/A "Introduced in 3.9 with ec400ddeff200b068ddc6c70f7321f49ecf32ed5"
2.6.32-squeeze-security: N/A "Introduced in 3.9 with ec400ddeff200b068ddc6c70f7321f49ecf32ed5"
3.16-upstream-stable: pending (3.16.7-ckt10)
Modified: active/CVE-2015-2830
===================================================================
--- active/CVE-2015-2830 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-2830 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,6 +5,7 @@
upstream: released (v4.0-rc3) [956421fbb74c3a6261903f3836c0740187cf038b]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt9-1)
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch]
3.16-upstream-stable: released (3.16.7-ckt9)
Modified: active/CVE-2015-2922
===================================================================
--- active/CVE-2015-2922 2015-04-22 11:17:35 UTC (rev 3750)
+++ active/CVE-2015-2922 2015-04-22 17:19:04 UTC (rev 3751)
@@ -5,6 +5,7 @@
upstream: released (4.0) [6fd99094de2b83d1d4c8457f2c83483b2828e75a]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt9-1) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: pending (3.2.68-2) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze12) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]
3.16-upstream-stable: pending (3.16.7-ckt10)