[kernel-sec-discuss] r4078 - active retired

Ben Hutchings benh at moszumanska.debian.org
Sun Jan 3 01:57:48 UTC 2016 

Author: benh
Date: 2016-01-03 01:57:48 +0000 (Sun, 03 Jan 2016)
New Revision: 4078

Added:
   retired/CVE-2015-8374
   retired/CVE-2015-8660
Removed:
   active/CVE-2015-8374
   active/CVE-2015-8660
Log:
Retire CVE-2015-8374 and CVE-2015-8660, fixed or ignored on all branches

Deleted: active/CVE-2015-8374
===================================================================
--- active/CVE-2015-8374	2016-01-03 01:56:36 UTC (rev 4077)
+++ active/CVE-2015-8374	2016-01-03 01:57:48 UTC (rev 4078)
@@ -1,12 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (v4.4-rc1) [0305cd5f7fca85dae392b9ba85b116896eb7c1c7]
-3.16-upstream-stable: released (v3.16.7-ckt21) [c40009c43c849713cad7a850af0e522e3132bc5d]
-3.2-upstream-stable: released (3.2.74)
-2.6.32-upstream-stable: ignored "btrfs in 2.6.32 is just a tech preview and not usable for production"
-sid: released (4.2.6-2) [bugfix/all/btrfs-fix-truncation-of-compressed-and-inlined-exten.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/btrfs-fix-truncation-of-compressed-and-inlined-exten.patch]
-3.2-wheezy-security: ignored "btrfs in wheezy is just a tech preview and not usable for production"
-2.6.32-squeeze-security: ignored "btrfs in squeeze is just a tech preview and not usable for production"

Deleted: active/CVE-2015-8660
===================================================================
--- active/CVE-2015-8660	2016-01-03 01:56:36 UTC (rev 4077)
+++ active/CVE-2015-8660	2016-01-03 01:57:48 UTC (rev 4078)
@@ -1,12 +0,0 @@
-Description: overlay: fix permission checking for setattr
-References:
-Notes:
-Bugs:
-upstream: released (v4.4-rc4) [acff81ec2c79492b180fade3c2894425cd35a545]
-3.16-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)" 
-3.2-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
-2.6.32-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
-sid: released (4.3.3-3) [bugfix/all/ovl-fix-permission-checking-for-setattr.patch]
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"
-2.6.32-squeeze-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2015-8374 (from rev 4077, active/CVE-2015-8374)
===================================================================
--- retired/CVE-2015-8374	                        (rev 0)
+++ retired/CVE-2015-8374	2016-01-03 01:57:48 UTC (rev 4078)
@@ -0,0 +1,12 @@
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (v4.4-rc1) [0305cd5f7fca85dae392b9ba85b116896eb7c1c7]
+3.16-upstream-stable: released (v3.16.7-ckt21) [c40009c43c849713cad7a850af0e522e3132bc5d]
+3.2-upstream-stable: released (3.2.74)
+2.6.32-upstream-stable: ignored "btrfs in 2.6.32 is just a tech preview and not usable for production"
+sid: released (4.2.6-2) [bugfix/all/btrfs-fix-truncation-of-compressed-and-inlined-exten.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/btrfs-fix-truncation-of-compressed-and-inlined-exten.patch]
+3.2-wheezy-security: ignored "btrfs in wheezy is just a tech preview and not usable for production"
+2.6.32-squeeze-security: ignored "btrfs in squeeze is just a tech preview and not usable for production"

Copied: retired/CVE-2015-8660 (from rev 4077, active/CVE-2015-8660)
===================================================================
--- retired/CVE-2015-8660	                        (rev 0)
+++ retired/CVE-2015-8660	2016-01-03 01:57:48 UTC (rev 4078)
@@ -0,0 +1,12 @@
+Description: overlay: fix permission checking for setattr
+References:
+Notes:
+Bugs:
+upstream: released (v4.4-rc4) [acff81ec2c79492b180fade3c2894425cd35a545]
+3.16-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)" 
+3.2-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
+2.6.32-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
+sid: released (4.3.3-3) [bugfix/all/ovl-fix-permission-checking-for-setattr.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"

More information about the kernel-sec-discuss mailing list