[kernel-sec-discuss] r4135 - active
Ben Hutchings
benh at moszumanska.debian.org
Thu Feb 4 20:36:25 UTC 2016
Author: benh
Date: 2016-02-04 20:36:25 +0000 (Thu, 04 Feb 2016)
New Revision: 4135
Modified:
active/CVE-2013-4312
Log:
Mark CVE-2013-4312 pending for sid
Modified: active/CVE-2013-4312
===================================================================
--- active/CVE-2013-4312 2016-02-04 18:26:21 UTC (rev 4134)
+++ active/CVE-2013-4312 2016-02-04 20:36:25 UTC (rev 4135)
@@ -4,7 +4,7 @@
Notes:
carnil> 712f4aad406bb1ed67f3f98d04c044191f0ff593 according to the commit
carnil> message mitigated the issue.
- bwh> This was applied in 3.16.7-ckt20-1+deb8u3 and 4.3.3-6.
+ bwh> This was applied in 3.16.7-ckt20-1+deb8u3, 4.3.3-6, and 4.3.5.
carnil> There is a second commit [759c01142a5d0f364a462346168a56de28a80f52] to
carnil> mitigate CVE-2013-4312, but this is slightly more involving. Ben
carnil> suggested to wait before starting to backport this as well and look
@@ -15,7 +15,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
2.6.32-upstream-stable: needed
-sid: needed
+sid: pending (4.3.5-1) [bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
3.16-jessie-security: needed
3.2-wheezy-security: needed
2.6.32-squeeze-security: ignored "Too risky to backport at EOL"
More information about the kernel-sec-discuss
mailing list