[kernel-sec-discuss] r3659 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Jan 29 01:02:19 UTC 2015 

Author: benh
Date: 2015-01-29 01:02:19 +0000 (Thu, 29 Jan 2015)
New Revision: 3659

Modified:
   active/CVE-2013-6885
   active/CVE-2014-8133
   active/CVE-2014-8134
   active/CVE-2014-8160
   active/CVE-2014-9419
   active/CVE-2014-9420
   active/CVE-2014-9584
   active/CVE-2014-9585
Log:
Mark issues pending/needed for 2.6.32

Modified: active/CVE-2013-6885
===================================================================
--- active/CVE-2013-6885	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2013-6885	2015-01-29 01:02:19 UTC (rev 3659)
@@ -6,6 +6,6 @@
 2.6.32-upstream-stable: needed
 sid: released (3.14.2-1)
 3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86-cpu-amd-add-workaround-for-family-16h-erratum-79.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86-cpu-amd-add-workaround-for-family-16h-erratum-79.patch]
 3.16-upstream-stable: N/A "fixed before 3.16"
 3.2-upstream-stable: needed

Modified: active/CVE-2014-8133
===================================================================
--- active/CVE-2014-8133	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-8133	2015-01-29 01:02:19 UTC (rev 3659)
@@ -6,6 +6,6 @@
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1)
 3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86-tls-validate-tls-entries-to-protect-espfix.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86-tls-validate-tls-entries-to-protect-espfix.patch]
 3.16-upstream-stable: released (3.16.7-ckt4)
 3.2-upstream-stable: released (3.2.66) [x86-tls-validate-tls-entries-to-protect-espfix.patch]

Modified: active/CVE-2014-8134
===================================================================
--- active/CVE-2014-8134	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-8134	2015-01-29 01:02:19 UTC (rev 3659)
@@ -9,6 +9,6 @@
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1)
 3.2-wheezy-security: released (3.2.65-1) [bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch]
 3.16-upstream-stable: released (3.16.7-ckt4)
 3.2-upstream-stable: released (3.2.66) [x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch]

Modified: active/CVE-2014-8160
===================================================================
--- active/CVE-2014-8160	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-8160	2015-01-29 01:02:19 UTC (rev 3659)
@@ -4,9 +4,9 @@
 Notes:
 Bugs:
 upstream: released (3.18) [db29a9508a9246e77087c5531e45b2c88ec6988b]
-2.6.32-upstream-stable: 
+2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
 3.2-wheezy-security:
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
 3.16-upstream-stable:
 3.2-upstream-stable:

Modified: active/CVE-2014-9419
===================================================================
--- active/CVE-2014-9419	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-9419	2015-01-29 01:02:19 UTC (rev 3659)
@@ -1,11 +1,15 @@
 Description: x86_64: userspace address leak
 References:
 Notes:
+ bwh> This depends on fixes to FPU context management that have not been
+ bwh> applied to 2.6.32.y.  We probably can't fix it there, except by
+ bwh> picking only commit b3b0870ef3ff ("i387: do not preload FPU state at
+ bwh> task switch time") which will hurt FP performance.
 Bugs:
 upstream: released (v3.19-rc1) [f647d7c155f069c1a068030255c300663516420e]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1)
 3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch]
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: needed
 3.16-upstream-stable: released (3.16.7-ckt4)
 3.2-upstream-stable:

Modified: active/CVE-2014-9420
===================================================================
--- active/CVE-2014-9420	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-9420	2015-01-29 01:02:19 UTC (rev 3659)
@@ -3,9 +3,9 @@
 Notes:
 Bugs:
 upstream: released (v3.19-rc1) [f54e18f1b831c92f6512d2eedb224cd63d607d3d]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1)
 3.2-wheezy-security: released (3.2.65-1) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch]
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch]
 3.16-upstream-stable: released (3.16.7-ckt4)
 3.2-upstream-stable:

Modified: active/CVE-2014-9584
===================================================================
--- active/CVE-2014-9584	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-9584	2015-01-29 01:02:19 UTC (rev 3659)
@@ -6,6 +6,6 @@
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1)
 3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch]
 3.16-upstream-stable: released (3.16.7-ckt4)
 3.2-upstream-stable: needed

Modified: active/CVE-2014-9585
===================================================================
--- active/CVE-2014-9585	2015-01-29 01:00:24 UTC (rev 3658)
+++ active/CVE-2014-9585	2015-01-29 01:02:19 UTC (rev 3659)
@@ -4,9 +4,9 @@
 Notes:
 Bugs:
 upstream: released (3.19-rc4) [394f56fe480140877304d342dec46d50dc823d46]
-2.6.32-upstream-stable:
+2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
 3.2-wheezy-security:
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
 3.16-upstream-stable: pending (3.16.7-ckt5)
 3.2-upstream-stable:

More information about the kernel-sec-discuss mailing list