[kernel-sec-discuss] r3683 - active
Ben Hutchings
benh at moszumanska.debian.org
Tue Feb 17 22:53:31 UTC 2015
Author: benh
Date: 2015-02-17 22:53:31 +0000 (Tue, 17 Feb 2015)
New Revision: 3683
Modified:
active/CVE-2014-9419
Log:
Mark CVE-2014-9419 as ignored for 2.6.32
Modified: active/CVE-2014-9419
===================================================================
--- active/CVE-2014-9419 2015-02-17 05:27:22 UTC (rev 3682)
+++ active/CVE-2014-9419 2015-02-17 22:53:31 UTC (rev 3683)
@@ -1,14 +1,17 @@
Description: x86_64: userspace address leak
References:
Notes:
- bwh> This depends on fixes to FPU/SSE state management from Linux 3.3
- bwh> and earlier that have not been applied to 2.6.32.y. It seemed like
- bwh> a good idea to apply those fixes anyway, so I'm trying that.
+ bwh> This depends on fixes to FPU state management that have not been
+ bwh> applied to 2.6.32.y. In order to fix it, we would need to either
+ bwh> pick only commit b3b0870ef3ff ("i387: do not preload FPU state at
+ bwh> task switch time") which will hurt FP performance, or backport a
+ bwh> large number of changes. I did prepare a backport but don't feel
+ bwh> confident enough to use it.
Bugs:
upstream: released (v3.19-rc1) [f647d7c155f069c1a068030255c300663516420e]
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: ignored ("complete fix is too invasive to backport")
sid: released (3.16.7-ckt4-1)
3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch]
-2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch]
+2.6.32-squeeze-security: ignored ("complete fix is too invasive to backport")
3.16-upstream-stable: released (3.16.7-ckt4)
3.2-upstream-stable: pending (3.2.67) [x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch]
More information about the kernel-sec-discuss
mailing list