[kernel-sec-discuss] r4065 - active
Ben Hutchings
benh at moszumanska.debian.org
Sun Dec 27 14:33:34 UTC 2015
Author: benh
Date: 2015-12-27 14:33:34 +0000 (Sun, 27 Dec 2015)
New Revision: 4065
Modified:
active/CVE-2015-8550
active/CVE-2015-8551
active/CVE-2015-8552
active/CVE-2015-8569
active/CVE-2015-8575
active/CVE-2015-userns-ptrace-priv-esc
Log:
Mark issues pending for jessie
Modified: active/CVE-2015-8550
===================================================================
--- active/CVE-2015-8550 2015-12-27 06:44:42 UTC (rev 4064)
+++ active/CVE-2015-8550 2015-12-27 14:33:34 UTC (rev 4065)
@@ -7,6 +7,6 @@
3.2-upstream-stable: needed
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
3.2-wheezy-security: needed
2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Modified: active/CVE-2015-8551
===================================================================
--- active/CVE-2015-8551 2015-12-27 06:44:42 UTC (rev 4064)
+++ active/CVE-2015-8551 2015-12-27 14:33:34 UTC (rev 4065)
@@ -7,6 +7,6 @@
3.2-upstream-stable: needed
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
3.2-wheezy-security: needed
2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Modified: active/CVE-2015-8552
===================================================================
--- active/CVE-2015-8552 2015-12-27 06:44:42 UTC (rev 4064)
+++ active/CVE-2015-8552 2015-12-27 14:33:34 UTC (rev 4065)
@@ -7,6 +7,6 @@
3.2-upstream-stable: needed
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
3.2-wheezy-security: needed
2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Modified: active/CVE-2015-8569
===================================================================
--- active/CVE-2015-8569 2015-12-27 06:44:42 UTC (rev 4064)
+++ active/CVE-2015-8569 2015-12-27 14:33:34 UTC (rev 4065)
@@ -9,6 +9,6 @@
3.2-upstream-stable: pending (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch]
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
3.2-wheezy-security: needed
2.6.32-squeeze-security: N/A "Vulnerable code not present"
Modified: active/CVE-2015-8575
===================================================================
--- active/CVE-2015-8575 2015-12-27 06:44:42 UTC (rev 4064)
+++ active/CVE-2015-8575 2015-12-27 14:33:34 UTC (rev 4065)
@@ -7,6 +7,6 @@
3.2-upstream-stable: pending (3.2.75) [bluetooth-validate-socket-address-length-in-sco_sock_bind.patch]
2.6.32-upstream-stable: needed
sid: pending (4.3.3-3) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
3.2-wheezy-security: needed
2.6.32-squeeze-security: needed
Modified: active/CVE-2015-userns-ptrace-priv-esc
===================================================================
--- active/CVE-2015-userns-ptrace-priv-esc 2015-12-27 06:44:42 UTC (rev 4064)
+++ active/CVE-2015-userns-ptrace-priv-esc 2015-12-27 14:33:34 UTC (rev 4065)
@@ -10,6 +10,6 @@
3.2-upstream-stable: N/A "Vulnerable code not present"
2.6.32-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
2.6.32-squeeze-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list