[kernel-sec-discuss] r4059 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Dec 24 07:10:16 UTC 2015 

Author: benh
Date: 2015-12-24 07:10:16 +0000 (Thu, 24 Dec 2015)
New Revision: 4059

Modified:
   active/CVE-2013-7446
   active/CVE-2015-7799
   active/CVE-2015-7990
   active/CVE-2015-8543
   active/CVE-2015-8569
   active/CVE-2015-8575
Log:
Mark issues pending for 3.2

Modified: active/CVE-2013-7446
===================================================================
--- active/CVE-2013-7446	2015-12-24 05:44:43 UTC (rev 4058)
+++ active/CVE-2013-7446	2015-12-24 07:10:16 UTC (rev 4059)
@@ -8,7 +8,7 @@
 Bugs:
 upstream: released (4.4-rc4) [7d267278a9ece963d77eefec61630223fce08c6c]
 3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.75) [unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.2.6-2) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]

Modified: active/CVE-2015-7799
===================================================================
--- active/CVE-2015-7799	2015-12-24 05:44:43 UTC (rev 4058)
+++ active/CVE-2015-7799	2015-12-24 07:10:16 UTC (rev 4059)
@@ -5,7 +5,7 @@
 Bugs:
 upstream: released (4.4-rc1) [0baa57d8dc32db78369d8b5176ef56c5e2e18ab3, 4ab42d78e37a294ac7bc56901d563c642e03c4ae]
 3.16-upstream-stable: released (3.16.7-ckt20) [bcd596b01fd5cea4591cd1cc8c1183f3da4bed68, 9bd814beb46d6d3d5eeb374c2b38c8b75523190a]
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.75) [isdn_ppp-add-checks-for-allocation-failure-in-isdn_ppp_open.patch, ppp-slip-validate-vj-compression-slot-parameters-completely.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.2.6-2) [bugfix/all/isdn_ppp-add-checks-for-allocation-failure-in-isdn_p.patch, bugfix/all/ppp-slip-validate-vj-compression-slot-parameters-com.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1)

Modified: active/CVE-2015-7990
===================================================================
--- active/CVE-2015-7990	2015-12-24 05:44:43 UTC (rev 4058)
+++ active/CVE-2015-7990	2015-12-24 07:10:16 UTC (rev 4059)
@@ -5,7 +5,7 @@
 Bugs:
 upstream: released (4.4-rc4) [8c7188b23474cca017b3ef354c4a58456f68303a]
 3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.75) [rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.2.6-1) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
 3.16-jessie-security: released (3.16.7-ckt11-1+deb8u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]

Modified: active/CVE-2015-8543
===================================================================
--- active/CVE-2015-8543	2015-12-24 05:44:43 UTC (rev 4058)
+++ active/CVE-2015-8543	2015-12-24 07:10:16 UTC (rev 4059)
@@ -9,7 +9,7 @@
 Bugs:
 upstream: released (4.4-rc6) [79462ad02e861803b3840cc782248c7359451cd9]
 3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.75) [net-add-validation-for-the-socket-syscall-protocol-argument.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.3.3-1) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]

Modified: active/CVE-2015-8569
===================================================================
--- active/CVE-2015-8569	2015-12-24 05:44:43 UTC (rev 4058)
+++ active/CVE-2015-8569	2015-12-24 07:10:16 UTC (rev 4059)
@@ -6,7 +6,7 @@
 Bugs:
 upstream: released (4.4-rc6) [09ccfd238e5a0e670d8178cf50180ea81ae09ae1]
 3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: needed
 3.16-jessie-security: needed

Modified: active/CVE-2015-8575
===================================================================
--- active/CVE-2015-8575	2015-12-24 05:44:43 UTC (rev 4058)
+++ active/CVE-2015-8575	2015-12-24 07:10:16 UTC (rev 4059)
@@ -4,7 +4,7 @@
 Bugs:
 upstream: released (4.4-rc6) [5233252fce714053f0151680933571a2da9cbfb4]
 3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.75) [bluetooth-validate-socket-address-length-in-sco_sock_bind.patch]
 2.6.32-upstream-stable: needed
 sid: needed
 3.16-jessie-security: needed

More information about the kernel-sec-discuss mailing list