[kernel-sec-discuss] r4086 - active

Ben Hutchings benh at moszumanska.debian.org
Tue Jan 12 18:53:29 UTC 2016


Author: benh
Date: 2016-01-12 18:53:29 +0000 (Tue, 12 Jan 2016)
New Revision: 4086

Modified:
   active/CVE-2015-8767
Log:
Mark CVE-2015-8767 as needed in all stable/security branches

Modified: active/CVE-2015-8767
===================================================================
--- active/CVE-2015-8767	2016-01-11 17:52:57 UTC (rev 4085)
+++ active/CVE-2015-8767	2016-01-12 18:53:29 UTC (rev 4086)
@@ -1,12 +1,16 @@
 Description: SCTP denial of service during heartbeat timeout functions
 References:
 Notes:
+ bwh> I'm not sure exactly how far back this is needed as I can't see
+ bwh> where the change of association is made.  But SCTP hasn't
+ bwh> changed a whole lot since 2.6.32 and most other security fixes
+ bwh> have been needed all the way back.
 Bugs:
 upstream: released (v4.3-rc4) [635682a14427d241bab7bbdeebb48a7d7b91638e]
-3.16-upstream-stable:
-3.2-upstream-stable:
-2.6.32-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+2.6.32-upstream-stable: needed
 sid: released (4.3.1-1)
-3.16-jessie-security:
-3.2-wheezy-security:
-2.6.32-squeeze-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed




More information about the kernel-sec-discuss mailing list