[kernel-sec-discuss] r4089 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Jan 14 22:42:22 UTC 2016


Author: benh
Date: 2016-01-14 22:42:22 +0000 (Thu, 14 Jan 2016)
New Revision: 4089

Modified:
   active/CVE-2013-7446
   active/CVE-2015-7513
   active/CVE-2015-7550
   active/CVE-2015-7833
   active/CVE-2015-7990
   active/CVE-2015-8543
   active/CVE-2015-8550
   active/CVE-2015-8551
   active/CVE-2015-8552
   active/CVE-2015-8569
   active/CVE-2015-8575
Log:
Update upstream status for active issues

Modified: active/CVE-2013-7446
===================================================================
--- active/CVE-2013-7446	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2013-7446	2016-01-14 22:42:22 UTC (rev 4089)
@@ -7,7 +7,7 @@
  bwh> Patch claims this was introduced by commit ec0d215f9420, i.e. Linux 2.6.26
 Bugs:
 upstream: released (4.4-rc4) [7d267278a9ece963d77eefec61630223fce08c6c]
-3.16-upstream-stable: needed
+3.16-upstream-stable: released (3.16.7-ckt22)
 3.2-upstream-stable: released (3.2.75) [unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
 2.6.32-upstream-stable: pending (2.6.32.70)
 sid: released (4.2.6-2) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]

Modified: active/CVE-2015-7513
===================================================================
--- active/CVE-2015-7513	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-7513	2016-01-14 22:42:22 UTC (rev 4089)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (v4.4-rc7) [0185604c2d82c560dab2f2933a18f797e74ab5a8]
-3.16-upstream-stable: pending (3.16.7-ckt22)
-3.2-upstream-stable: needed
+3.16-upstream-stable: released (3.16.7-ckt22)
+3.2-upstream-stable: pending (3.2.76) [kvm-x86-reload-pit-counters-for-all-channels-when-restoring-state.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.3.3-3) [bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch]

Modified: active/CVE-2015-7550
===================================================================
--- active/CVE-2015-7550	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-7550	2016-01-14 22:42:22 UTC (rev 4089)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.4-rc8) [b4a1b4f5047e4f54e194681125c74c0aa64d637d]
-3.16-upstream-stable: pending (3.16.7-ckt22)
-3.2-upstream-stable: needed
+3.16-upstream-stable: released (3.16.7-ckt22)
+3.2-upstream-stable: pending (3.2.76) [keys-fix-race-between-read-and-revoke.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.3.3-3) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/keys-fix-race-between-read-and-revoke.patch]

Modified: active/CVE-2015-7833
===================================================================
--- active/CVE-2015-7833	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-7833	2016-01-14 22:42:22 UTC (rev 4089)
@@ -1,12 +1,10 @@
 Description: usbvision: crash on invalid USB device descriptors
 References:
- http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=588afcc1c0e45358159090d95bf7b246fb67565f
- http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=fa52bd506f274b7619955917abfde355e3d19ffe
 Notes:
  bwh> linux versions 3.2.68-1+deb7u6, 3.16.7-ckt11-1+deb8u6 and 4.2.6-1
  bwh> have the first patch only.
 Bugs:
-upstream: needed
+upstream: pending (4.5-rc1) [588afcc1c0e45358159090d95bf7b246fb67565f, fa52bd506f274b7619955917abfde355e3d19ffe]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 2.6.32-upstream-stable: needed
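
Review bot: the retained note "have the first patch only" depended on the order of the two References URLs this hunk deletes, so after the change "first" can only be inferred from the order of the ids in the new upstream: line. Suggest naming the commit in the note itself, for example "have 588afcc1c0e4 only", so the note still reads correctly if the upstream: list is later reordered or extended.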

Modified: active/CVE-2015-7990
===================================================================
--- active/CVE-2015-7990	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-7990	2016-01-14 22:42:22 UTC (rev 4089)
@@ -4,7 +4,7 @@
 Notes:
 Bugs:
 upstream: released (4.4-rc4) [8c7188b23474cca017b3ef354c4a58456f68303a]
-3.16-upstream-stable: needed
+3.16-upstream-stable: released (3.16.7-ckt22)
 3.2-upstream-stable: released (3.2.75) [rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
 2.6.32-upstream-stable: pending (2.6.32.70)
 sid: released (4.2.6-1) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]

Modified: active/CVE-2015-8543
===================================================================
--- active/CVE-2015-8543	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-8543	2016-01-14 22:42:22 UTC (rev 4089)
@@ -8,7 +8,7 @@
  bwh> For earlier versions it's not important.
 Bugs:
 upstream: released (4.4-rc6) [79462ad02e861803b3840cc782248c7359451cd9]
-3.16-upstream-stable: pending (3.16.7-ckt22)
+3.16-upstream-stable: released (3.16.7-ckt22)
 3.2-upstream-stable: released (3.2.75) [net-add-validation-for-the-socket-syscall-protocol-argument.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.3.3-1) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]

Modified: active/CVE-2015-8550
===================================================================
--- active/CVE-2015-8550	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-8550	2016-01-14 22:42:22 UTC (rev 4089)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.4-rc6) [454d5d882c7e412b840e3c99010fe81a9862f6fb, 0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357, 68a33bfd8403e4e22847165d149823a2e0e67c9c, 1f13d75ccb806260079e0679d55d9253e370ec8a, 18779149101c0dd43ded43669ae2a92d21b6f9cb, be69746ec12f35b484707da505c6c76ff06f97dc, 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.7-ckt23)
+3.2-upstream-stable: pending (3.2.76) [xen-add-ring_copy_request.patch, xen-netback-don-t-use-last-request-to-determine-minimum-tx-credit.patch, xen-netback-use-ring_copy_request-throughout.patch, xen-blkback-only-read-request-operation-from-shared-ring-once.patch, xen-pciback-save-xen_pci_op-commands-before-processing-it.patch#]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
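
Review bot: the added 3.2-upstream-stable line ends in "xen-pciback-save-xen_pci_op-commands-before-processing-it.patch#]"; the "#" after ".patch" looks like a stray character and should be dropped so the filename matches when searched for. The same line lists five patches where the upstream: line has seven commits and the sid line seven patches, with no counterpart for xen-blkback-read-from-indirect-descriptors-only-once or xen-scsiback-safely-copy-requests. If those two do not apply to 3.2, a bwh> line under Notes saying so would save the next reader from re-checking.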

Modified: active/CVE-2015-8551
===================================================================
--- active/CVE-2015-8551	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-8551	2016-01-14 22:42:22 UTC (rev 4089)
@@ -3,8 +3,8 @@
 Notes: Same set of fixes as for CVE-2015-8552
 Bugs:
 upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.7-ckt23)
+3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
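
Review bot: in the added 3.2-upstream-stable line the fourth patch is named "xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch", while the sid and jessie lines name what appears to be the same fix "xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch". Truncation alone does not account for the missing "-x", so please confirm the 3.2 filename against the stable queue. The identical line is added to active/CVE-2015-8552 and would need the same correction.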

Modified: active/CVE-2015-8552
===================================================================
--- active/CVE-2015-8552	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-8552	2016-01-14 22:42:22 UTC (rev 4089)
@@ -3,8 +3,8 @@
 Notes: Same set of fixes as for CVE-2015-8551
 Bugs:
 upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.7-ckt23)
+3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
 3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]

Modified: active/CVE-2015-8569
===================================================================
--- active/CVE-2015-8569	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-8569	2016-01-14 22:42:22 UTC (rev 4089)
@@ -5,7 +5,7 @@
 Notes:
 Bugs:
 upstream: released (4.4-rc6) [09ccfd238e5a0e670d8178cf50180ea81ae09ae1]
-3.16-upstream-stable: pending (3.16.7-ckt22)
+3.16-upstream-stable: released (3.16.7-ckt22)
 3.2-upstream-stable: released (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]

Modified: active/CVE-2015-8575
===================================================================
--- active/CVE-2015-8575	2016-01-14 22:27:00 UTC (rev 4088)
+++ active/CVE-2015-8575	2016-01-14 22:42:22 UTC (rev 4089)
@@ -3,7 +3,7 @@
 Notes:
 Bugs:
 upstream: released (4.4-rc6) [5233252fce714053f0151680933571a2da9cbfb4]
-3.16-upstream-stable: pending (3.16.7-ckt22)
+3.16-upstream-stable: released (3.16.7-ckt22)
 3.2-upstream-stable: released (3.2.75) [bluetooth-validate-socket-address-length-in-sco_sock_bind.patch]
 2.6.32-upstream-stable: needed
 sid: released (4.3.3-3) [bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch]



