[kernel-sec-discuss] r4133 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Feb 4 18:24:52 UTC 2016


Author: benh
Date: 2016-02-04 18:24:52 +0000 (Thu, 04 Feb 2016)
New Revision: 4133

Modified:
   active/CVE-2013-4312
Log:
Unmark CVE-2013-4312 as released in jessie, sid

This is only slightly mitigated and we should not consider it fixed
without backporting the second commit.


Modified: active/CVE-2013-4312
===================================================================
--- active/CVE-2013-4312	2016-02-01 15:27:24 UTC (rev 4132)
+++ active/CVE-2013-4312	2016-02-04 18:24:52 UTC (rev 4133)
@@ -2,19 +2,20 @@
 References:
  https://lkml.org/lkml/2015/12/31/15
 Notes:
- 712f4aad406bb1ed67f3f98d04c044191f0ff593 according to the commit message
- mitigated the issue.
- .
- There is a second commit [759c01142a5d0f364a462346168a56de28a80f52] to mitigate
- CVE-2013-4312, but this is slightly more involving. Ben suggested to wait before
- starting to backport this as well and look for possible regressions/problems.
+ carnil> 712f4aad406bb1ed67f3f98d04c044191f0ff593 according to the commit
+ carnil> message mitigated the issue.
+ bwh> This was applied in 3.16.7-ckt20-1+deb8u3 and 4.3.3-6.
+ carnil> There is a second commit [759c01142a5d0f364a462346168a56de28a80f52] to
+ carnil> mitigate CVE-2013-4312, but this is slightly more involving. Ben
+ carnil> suggested to wait before starting to backport this as well and look
+ carnil> for possible regressions/problems.
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=20402
-upstream: released (4.5-rc1) [712f4aad406bb1ed67f3f98d04c044191f0ff593]
+upstream: released (4.5-rc1) [712f4aad406bb1ed67f3f98d04c044191f0ff593, 759c01142a5d0f364a462346168a56de28a80f52]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 2.6.32-upstream-stable: needed
-sid: released (4.3.3-6) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
-2.6.32-squeeze-security: pending (2.6.32-48squeeze19) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed
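
Review bot: The last four lines of the hunk also reset wheezy and squeeze from pending to needed, but the log message mentions only jessie and sid, and the new bwh> note records only the sid and jessie versions (4.3.3-6 and 3.16.7-ckt20-1+deb8u3). Consider extending that note to say the first commit was also pending for 3.2.73-2+deb7u3 and 2.6.32-48squeeze19, and to name bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch, so the partial mitigation stays traceable once every status line reads only "needed".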



