[kernel-sec-discuss] r4302 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Apr 6 16:13:07 UTC 2016


Author: benh
Date: 2016-04-06 16:13:07 +0000 (Wed, 06 Apr 2016)
New Revision: 4302

Modified:
   active/CVE-2016-3672
Log:
Add more details to CVE-2016-3672 including upstream fix

Modified: active/CVE-2016-3672
===================================================================
--- active/CVE-2016-3672	2016-04-06 14:48:44 UTC (rev 4301)
+++ active/CVE-2016-3672	2016-04-06 16:13:07 UTC (rev 4302)
@@ -1,11 +1,14 @@
-Description: Unlimiting the stack not longer disables ASLR
+Description: Unlimiting the stack disables ASLR on i386
 References:
  http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
 Notes:
+ bwh> This problem has been known for a long time; I don't know why it got
+ bwh> a 2016 CVE ID.  There is some risk of regression so we should
+ bwh> probably wait a while before backporting.
 Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: released (4.6-rc1) [8b8addf891de8a00e4d39fc32f93f7c5eb8feceb]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
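
Review bot: In the Notes block, the bwh> comment recommends waiting a while before backporting because of regression risk, yet every branch line from 3.16-upstream-stable down to 3.2-wheezy-security is set to plain "needed", so a reader who looks only at the status lines sees nothing about the deferral. Consider stating in the note what ends the wait (for example, the upstream fix having been in a released kernel after 4.6-rc1 for some time), so the "needed" entries are not acted on early. The note also says the problem has been known for a long time but gives no pointer; adding a link to an earlier report under References would support that statement.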



