[kernel-sec-discuss] r4077 - active
Ben Hutchings
benh at moszumanska.debian.org
Sun Jan 3 01:56:37 UTC 2016
Author: benh
Date: 2016-01-03 01:56:36 +0000 (Sun, 03 Jan 2016)
New Revision: 4077
Modified:
active/CVE-2015-7513
active/CVE-2015-7550
active/CVE-2015-8550
active/CVE-2015-8551
active/CVE-2015-8552
active/CVE-2015-8569
active/CVE-2015-8575
active/CVE-2015-8660
active/CVE-2015-8709
Log:
Mark 4.3.3-3 as released
Modified: active/CVE-2015-7513
===================================================================
--- active/CVE-2015-7513 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-7513 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
2.6.32-upstream-stable: needed
-sid: pending (4.3.3-3) [bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch]
+sid: released (4.3.3-3) [bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch]
2.6.32-squeeze-security: ignored "KVM not supported in Squeeze LTS"
Modified: active/CVE-2015-7550
===================================================================
--- active/CVE-2015-7550 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-7550 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
2.6.32-upstream-stable: needed
-sid: pending (4.3.3-3) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]
+sid: released (4.3.3-3) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze18) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]
Modified: active/CVE-2015-8550
===================================================================
--- active/CVE-2015-8550 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8550 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
+sid: released (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Modified: active/CVE-2015-8551
===================================================================
--- active/CVE-2015-8551 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8551 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Modified: active/CVE-2015-8552
===================================================================
--- active/CVE-2015-8552 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8552 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Modified: active/CVE-2015-8569
===================================================================
--- active/CVE-2015-8569 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8569 2016-01-03 01:56:36 UTC (rev 4077)
@@ -8,7 +8,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: released (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch]
2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
+sid: released (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
2.6.32-squeeze-security: N/A "Vulnerable code not present"
Modified: active/CVE-2015-8575
===================================================================
--- active/CVE-2015-8575 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8575 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: released (3.2.75) [bluetooth-validate-socket-address-length-in-sco_sock_bind.patch]
2.6.32-upstream-stable: needed
-sid: pending (4.3.3-3) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
+sid: released (4.3.3-3) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
3.2-wheezy-security: pending (3.2.73-2+deb7u2) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze18) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]
Modified: active/CVE-2015-8660
===================================================================
--- active/CVE-2015-8660 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8660 2016-01-03 01:56:36 UTC (rev 4077)
@@ -6,7 +6,7 @@
3.16-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
3.2-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
2.6.32-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
-sid: pending (4.3.3-3) [bugfix/all/ovl-fix-permission-checking-for-setattr.patch]
+sid: released (4.3.3-3) [bugfix/all/ovl-fix-permission-checking-for-setattr.patch]
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
2.6.32-squeeze-security: N/A "Vulnerable code not present"
Modified: active/CVE-2015-8709
===================================================================
--- active/CVE-2015-8709 2016-01-02 18:00:16 UTC (rev 4076)
+++ active/CVE-2015-8709 2016-01-03 01:56:36 UTC (rev 4077)
@@ -9,7 +9,7 @@
3.16-upstream-stable: needed
3.2-upstream-stable: N/A "Vulnerable code not present"
2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
+sid: released (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
2.6.32-squeeze-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list