[kernel-sec-discuss] r4820 - active
Ben Hutchings
benh at moszumanska.debian.org
Wed Dec 28 23:22:54 UTC 2016
Author: benh
Date: 2016-12-28 23:22:54 +0000 (Wed, 28 Dec 2016)
New Revision: 4820
Modified:
active/CVE-2015-8962
active/CVE-2015-8963
active/CVE-2015-8964
active/CVE-2016-7912
active/CVE-2016-7915
active/CVE-2016-7917
active/CVE-2016-8399
active/CVE-2016-8645
Log:
Mark CVE-2016-8645 as affecting 3.2
Modified: active/CVE-2015-8962
===================================================================
--- active/CVE-2015-8962 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2015-8962 2016-12-28 23:22:54 UTC (rev 4820)
@@ -6,5 +6,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.4.2-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/sg-fix-double-free-when-drives-detach-during-sg_io.patch]
3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/sg-fix-double-free-when-drives-detach-during-sg_io.patch]
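Review bot: the log message names only CVE-2016-8645, yet the 3.16-jessie-security line here moves from "needed" to "pending (3.16.39-1)", and the same status change is made in six other files in this revision. Either commit the jessie status updates separately or extend the log to mention them (for example "Mark issues pending for 3.16.39-1"), so the revision history shows when these entries became pending.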
Modified: active/CVE-2015-8963
===================================================================
--- active/CVE-2015-8963 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2015-8963 2016-12-28 23:22:54 UTC (rev 4820)
@@ -6,5 +6,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.4.2-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/perf-fix-race-in-swevent-hash.patch]
3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/perf-fix-race-in-swevent-hash.patch]
Modified: active/CVE-2015-8964
===================================================================
--- active/CVE-2015-8964 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2015-8964 2016-12-28 23:22:54 UTC (rev 4820)
@@ -14,5 +14,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.5.1-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]
3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]
Modified: active/CVE-2016-7912
===================================================================
--- active/CVE-2016-7912 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2016-7912 2016-12-28 23:22:54 UTC (rev 4820)
@@ -8,5 +8,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.5.3-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/usb-gadget-f_fs-fix-use-after-free.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2016-7915
===================================================================
--- active/CVE-2016-7915 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2016-7915 2016-12-28 23:22:54 UTC (rev 4820)
@@ -6,5 +6,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.6.1-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/hid-core-prevent-out-of-bound-readings.patch]
3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/hid-core-prevent-out-of-bound-readings.patch]
Modified: active/CVE-2016-7917
===================================================================
--- active/CVE-2016-7917 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2016-7917 2016-12-28 23:22:54 UTC (rev 4820)
@@ -15,5 +15,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.5.1-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/netfilter-nfnetlink-correctly-validate-length-of-bat.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2016-8399
===================================================================
--- active/CVE-2016-8399 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2016-8399 2016-12-28 23:22:54 UTC (rev 4820)
@@ -9,5 +9,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.8.15-1)
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/net-ping-check-minimum-size-on-icmp-header-length.patch]
3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/net-ping-check-minimum-size-on-icmp-header-length.patch]
Modified: active/CVE-2016-8645
===================================================================
--- active/CVE-2016-8645 2016-12-28 22:40:48 UTC (rev 4819)
+++ active/CVE-2016-8645 2016-12-28 23:22:54 UTC (rev 4820)
@@ -11,13 +11,15 @@
http://www.spinics.net/lists/netdev/msg403787.html
http://www.spinics.net/lists/netdev/msg403789.html # patch v2
Notes:
- Issue introduced with the tcp-fastopen feature. Cf.
- http://www.openwall.com/lists/oss-security/2016/11/30/3
- Introduced in 3.6-rc1 with cf60af03ca4e71134206809ea892e49b92a88896
+ carnil> Issue introduced with the tcp-fastopen feature. Cf.
+ carnil> http://www.openwall.com/lists/oss-security/2016/11/30/3
+ carnil> Introduced in 3.6-rc1 with cf60af03ca4e71134206809ea892e49b92a88896
+ bwh> Eric Dumazet disputes that tcp-fastopen introduced the issue.
+ bwh> Only the specific case found by syzkaller seems to depend on it.
Bugs:
upstream: released (4.9-rc6) [ac6e780070e30e4c35bd395acfe9191e6268bdd3]
3.16-upstream-stable: needed
-3.2-upstream-stable: N/A "Vulnerability introduced in 3.6-rc1 with cf60af03ca4e71134206809ea892e49b92a88896"
+3.2-upstream-stable: needed
sid: released (4.8.11-1) [2b5f22e4f7fd208c8d392e5c3755cea1f562cb98]
3.16-jessie-security: needed
-3.2-wheezy-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: needed
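Review bot: the two "bwh>" note lines give no reference for Eric Dumazet's objection, while the "carnil>" lines they contradict keep their "Cf." URL and the "Introduced in 3.6-rc1" claim. That claim was the stated reason for the old N/A on 3.2-upstream-stable, so add a link to the message where the dispute is made and say whether the 3.6-rc1 attribution still holds for the syzkaller case only. Without that, the switch of both 3.2 lines to "needed" cannot be checked from this file.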