[kernel-sec-discuss] r3935 - active

[Ben Hutchings]

Author: benh
Date: 2015-09-25 17:17:46 +0000 (Fri, 25 Sep 2015)
New Revision: 3935

Modified:
   active/CVE-2015-5257
   active/CVE-2015-5283
Log:
Update status of CVE-2015-5257 and CVE-2015-5283

Modified: active/CVE-2015-5257
===================================================================
--- active/CVE-2015-5257	2015-09-23 06:34:04 UTC (rev 3934)
+++ active/CVE-2015-5257	2015-09-25 17:17:46 UTC (rev 3935)
@@ -1,13 +1,14 @@
-Description: NULL pointer dereference
+Description: NULL pointer dereference in whiteheat probe
 References:
  http://www.openwall.com/lists/oss-security/2015/09/23/1
+ https://git.kernel.org/cgit/linux/kernel/git/gregkh/usb.git/commit?id=cbb4be652d374f64661137756b8f357a1827d6a4
 Notes:
 Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-2.6.32-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
-2.6.32-squeeze-security:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+2.6.32-upstream-stable: needed
+sid: pending (4.2.1-1) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed

Modified: active/CVE-2015-5283
===================================================================
--- active/CVE-2015-5283	2015-09-23 06:34:04 UTC (rev 3934)
+++ active/CVE-2015-5283	2015-09-25 17:17:46 UTC (rev 3935)
@@ -3,11 +3,11 @@
  http://patchwork.ozlabs.org/patch/515996/
 Notes:
 Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-2.6.32-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
-2.6.32-squeeze-security:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A ("Vulnerable code not present")
+2.6.32-upstream-stable: N/A ("Vulnerable code not present")
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A ("Vulnerable code not present")
+2.6.32-squeeze-security: N/A ("Vulnerable code not present")