[kernel-sec-discuss] r4007 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Nov 17 07:48:09 UTC 2015 

Author: jmm
Date: 2015-11-17 07:48:08 +0000 (Tue, 17 Nov 2015)
New Revision: 4007

Added:
   retired/CVE-2015-5156
Removed:
   active/CVE-2015-5156
Modified:
   active/CVE-2015-7885
Log:
retire (fixed everywhere and pending for 2.6.32.x)


Deleted: active/CVE-2015-5156
===================================================================
--- active/CVE-2015-5156	2015-11-17 07:42:55 UTC (rev 4006)
+++ active/CVE-2015-5156	2015-11-17 07:48:08 UTC (rev 4007)
@@ -1,14 +0,0 @@
-Description: virtio memory corruption
-References:
- http://marc.info/?l=linux-netdev&m=143868216724068&w=2
-Notes:
-Bugs:
-upstream: released (4.2-rc7) [48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39]
-3.16-upstream-stable: released (3.16.7-ckt18)
-3.2-upstream-stable: released (3.2.72) [virtio-net-drop-netif_f_fraglist.patch]
-2.6.32-upstream-stable: pending (2.6.32.69)
-sid: released (4.1.5-1) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u4) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze14) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
-

Modified: active/CVE-2015-7885
===================================================================
--- active/CVE-2015-7885	2015-11-17 07:42:55 UTC (rev 4006)
+++ active/CVE-2015-7885	2015-11-17 07:48:08 UTC (rev 4007)
@@ -1,14 +1,12 @@
 Description: staging/dgnc: fix info leak in ioctl
 References:
- Fixed:  https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
- not yet in linux tree
 Notes:
 Bugs:
 upstream: released (4.4-rc1) [4b6184336ebb5c8dc1eae7f7ab46ee608a748b05]
 3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Vulnerable code not present"
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid:  ignored "driver is not enabled in Debian configuration"
-3.16-jessie-security:  ignored "driver is not enabled in Debian configuration"
+sid: ignored "driver is not enabled in Debian configuration"
+3.16-jessie-security: ignored "driver is not enabled in Debian configuration"
 3.2-wheezy-security: N/A "Vulnerable code not present"
 2.6.32-squeeze-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2015-5156 (from rev 4004, active/CVE-2015-5156)
===================================================================
--- retired/CVE-2015-5156	                        (rev 0)
+++ retired/CVE-2015-5156	2015-11-17 07:48:08 UTC (rev 4007)
@@ -0,0 +1,14 @@
+Description: virtio memory corruption
+References:
+ http://marc.info/?l=linux-netdev&m=143868216724068&w=2
+Notes:
+Bugs:
+upstream: released (4.2-rc7) [48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39]
+3.16-upstream-stable: released (3.16.7-ckt18)
+3.2-upstream-stable: released (3.2.72) [virtio-net-drop-netif_f_fraglist.patch]
+2.6.32-upstream-stable: pending (2.6.32.69)
+sid: released (4.1.5-1) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u4) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze14) [bugfix/all/virtio-net-drop-netif_f_fraglist.patch]
+

More information about the kernel-sec-discuss mailing list