[kernel-sec-discuss] r3799 - active

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon May 25 20:38:17 UTC 2015 

Author: jmm
Date: 2015-05-25 20:38:17 +0000 (Mon, 25 May 2015)
New Revision: 3799

Modified:
   active/CVE-2014-8159
   active/CVE-2014-9717
   active/CVE-2015-2041
   active/CVE-2015-2042
   active/CVE-2015-2922
   active/CVE-2015-3339
Log:
more fixes from 2.6.32.66


Modified: active/CVE-2014-8159
===================================================================
--- active/CVE-2014-8159	2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2014-8159	2015-05-25 20:38:17 UTC (rev 3799)
@@ -4,7 +4,7 @@
 Notes:
 Bugs:
 upstream: released (4.0) [8494057ab5e40df590ef6ef7d66324d3ae33356b]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
 sid: released (3.16.7-ckt9-1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
 3.16-jessie-security: N/A "Fixed before initial release"
 3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]

Modified: active/CVE-2014-9717
===================================================================
--- active/CVE-2014-9717	2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2014-9717	2015-05-25 20:38:17 UTC (rev 3799)
@@ -26,6 +26,7 @@
  jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
  jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
  bwh> I think the last four are needed for CVE-2015-2925, not CVE-2014-9717
+ jmm> These fixes rely on the fs_pin work by Al Viro
 Bugs:
 upstream: released (4.1-rc1) [a3b3c5627c8301ac850962b04f645dfab81e6a60^..e0c9c0afd2fc958ffa34b697972721d81df8a56f]
 2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5"
@@ -33,5 +34,16 @@
 3.16-jessie-security: needed
 3.2-wheezy-security: N/A "user namespaces known broken before 3.5"
 2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5"
-3.16-upstream-stable: needed
+3.16-upstream-stable: ignored "too intrusive to backport"
 3.2-upstream-stable: N/A "user namespaces known broken before 3.5"
+
+
+
+
+
+
+
+
+
+
+

Modified: active/CVE-2015-2041
===================================================================
--- active/CVE-2015-2041	2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-2041	2015-05-25 20:38:17 UTC (rev 3799)
@@ -5,7 +5,7 @@
  bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
 Bugs:
 upstream: released (v3.19-rc7) [6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
 sid: released (3.16.7-ckt9-1)
 3.16-jessie-security: N/A "Fixed before initial release"
 3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]

Modified: active/CVE-2015-2042
===================================================================
--- active/CVE-2015-2042	2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-2042	2015-05-25 20:38:17 UTC (rev 3799)
@@ -5,7 +5,7 @@
  bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
 Bugs:
 upstream: released (v3.19) [db27ebb111e9f69efece08e4cb6a34ff980f8896]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
 sid: released (3.16.7-ckt9-1)
 3.16-jessie-security: N/A "Fixed before initial release"
 3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]

Modified: active/CVE-2015-2922
===================================================================
--- active/CVE-2015-2922	2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-2922	2015-05-25 20:38:17 UTC (rev 3799)
@@ -3,7 +3,7 @@
 Notes:
 Bugs:
 upstream: released (4.0) [6fd99094de2b83d1d4c8457f2c83483b2828e75a]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
 sid: released (3.16.7-ckt9-1) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]
 3.16-jessie-security: N/A "Fixed before initial release"
 3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]

Modified: active/CVE-2015-3339
===================================================================
--- active/CVE-2015-3339	2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-3339	2015-05-25 20:38:17 UTC (rev 3799)
@@ -3,7 +3,7 @@
 Notes:
 Bugs:
 upstream: released (4.1-rc1) [8b01fc86b9f425899f8a3a8fc1c47d73c2c20543]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
 sid: released (3.16.7-ckt9-3) [bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch]
 3.16-jessie-security: released (3.16.7-ckt9-3~deb8u1) [bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch]
 3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch]

More information about the kernel-sec-discuss mailing list