[kernel-sec-discuss] r3857 - active

Ben Hutchings benh at moszumanska.debian.org
Sat Jul 11 02:46:47 UTC 2015 

Author: benh
Date: 2015-07-11 02:46:46 +0000 (Sat, 11 Jul 2015)
New Revision: 3857

Modified:
   active/CVE-2015-3212
   active/CVE-2015-4692
   active/CVE-2015-4700
Log:
Update status of recent issues

Modified: active/CVE-2015-3212
===================================================================
--- active/CVE-2015-3212	2015-07-06 20:58:51 UTC (rev 3856)
+++ active/CVE-2015-3212	2015-07-11 02:46:46 UTC (rev 3857)
@@ -4,11 +4,11 @@
 Notes:
  Introduced in v3.1-rc1 by 9f7d653b67aed2d92540fbb0a8adaf
 Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
+upstream: released (4.2-rc1) [2d45a02d0166caf2627fe91897c6ffc3b19514c4]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 2.6.32-upstream-stable: N/A "Introduced with 9f7d653b67aed2d92540fbb0a8adaf"
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+sid: pending (4.0.8-1)
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
 2.6.32-squeeze-security: N/A "Introduced with 9f7d653b67aed2d92540fbb0a8adaf"

Modified: active/CVE-2015-4692
===================================================================
--- active/CVE-2015-4692	2015-07-06 20:58:51 UTC (rev 3856)
+++ active/CVE-2015-4692	2015-07-11 02:46:46 UTC (rev 3857)
@@ -4,11 +4,11 @@
  Introduced by 66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
  https://lkml.org/lkml/2015/6/4/163
 Bugs:
-upstream:
-3.16-upstream-stable:
+upstream: released (4.2-rc1) [ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009]
+3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Introduced with 66450a21f99636af4fafac2afd33f1a40631bc3a"
 2.6.32-upstream-stable: N/A "Introduced with 66450a21f99636af4fafac2afd33f1a40631bc3a"
-sid:
-3.16-jessie-security:
+sid: needed
+3.16-jessie-security: needed
 3.2-wheezy-security: N/A "Introduced with 66450a21f99636af4fafac2afd33f1a40631bc3a"
 2.6.32-squeeze-security: N/A "Introduced with 66450a21f99636af4fafac2afd33f1a40631bc3a"

Modified: active/CVE-2015-4700
===================================================================
--- active/CVE-2015-4700	2015-07-06 20:58:51 UTC (rev 3856)
+++ active/CVE-2015-4700	2015-07-11 02:46:46 UTC (rev 3857)
@@ -1,12 +1,14 @@
 Description: Crafted BPF filters may crash kernel during JIT optimisation
 References:
-Notes: Introduced in 0a14842f5a3c0e88a1e59fac5c3025db39721f74
+Notes: Introduced in 0a14842f5a3c0e88a1e59fac5c3025db39721f74.
+ This is mitigated by the fact that BPF JIT has always been disabled by
+ default.
 Bugs:
 upstream: released (v4.1-rc6) [3f7352bf21f8fd7ba3e2fcef9488756f188e12be]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 2.6.32-upstream-stable: N/A "Introduced in 3.0 with 0a14842f5a3c0e88a1e59fac5c3025db39721f74"
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
 2.6.32-squeeze-security: N/A "Introduced in 3.0 with 0a14842f5a3c0e88a1e59fac5c3025db39721f74"

More information about the kernel-sec-discuss mailing list