[kernel-sec-discuss] r4506 - active

Sat Jul 2 10:08:04 UTC 2016

Author: benh
Date: 2016-07-02 10:08:04 +0000 (Sat, 02 Jul 2016)
New Revision: 4506

Modified:
   active/CVE-2014-9904
   active/CVE-2016-5728
   active/CVE-2016-5828
   active/CVE-2016-5829
   active/CVE-2016-6130
Log:
Mark issues pending in jessie (and needed or N/A for other branches)

Modified: active/CVE-2014-9904
===================================================================

--- active/CVE-2014-9904	2016-07-01 13:49:50 UTC (rev 4505)
+++ active/CVE-2014-9904	2016-07-02 10:08:04 UTC (rev 4506)
@@ -3,8 +3,8 @@
 Notes: Introduced in 3.7-rc1 with b35cc8225845112a616e3a2266d2fde5ab13d3ab
 Bugs:
 upstream: released (3.17-rc1) [6217e5ede23285ddfee10d2e4ba0cc2d4c046205]
-3.16-upstream-stable:
+3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Introduced with b35cc8225845112a616e3a2266d2fde5ab13d3ab in 3.7-rc1"
 sid: released (4.0.2-1)
-3.16-jessie-security:
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u3) [bugfix/all/alsa-compress-fix-an-integer-overflow-check.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2016-5728
===================================================================
--- active/CVE-2016-5728	2016-07-01 13:49:50 UTC (rev 4505)
+++ active/CVE-2016-5728	2016-07-02 10:08:04 UTC (rev 4506)
@@ -17,8 +17,8 @@
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=116651
 upstream: released (v4.7-rc1) [9bf292bfca94694a721449e3fd752493856710f6]
-3.16-upstream-stable:
+3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5"
 sid: released (4.6.1-1) [2a9369456a384d84c521c8ebb48d247e8738f84f]
-3.16-jessie-security:
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u3) [bugfix/x86/misc-mic-fix-for-double-fetch-security-bug-in-vop-dr.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2016-5828
===================================================================
--- active/CVE-2016-5828	2016-07-01 13:49:50 UTC (rev 4505)
+++ active/CVE-2016-5828	2016-07-02 10:08:04 UTC (rev 4506)
@@ -8,5 +8,5 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Introduced in 3.10-rc1 with bc2a9408fa65195288b41751016c36fd00a75a85"
 sid: needed
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u3) [bugfix/powerpc/powerpc-tm-always-reclaim-in-start_thread-for-exec-c.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2016-5829
===================================================================
--- active/CVE-2016-5829	2016-07-01 13:49:50 UTC (rev 4505)
+++ active/CVE-2016-5829	2016-07-02 10:08:04 UTC (rev 4506)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (4.7-rc5) [93a2001bdfd5376c3dc2158653034c20392d15c5]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: pending (4.6.3-1) [bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch]
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u3) [bugfix/all/hid-hiddev-validate-num_values-for-hidiocgusages-hid.patch]
+3.2-wheezy-security: needed

Modified: active/CVE-2016-6130
===================================================================
--- active/CVE-2016-6130	2016-07-01 13:49:50 UTC (rev 4505)
+++ active/CVE-2016-6130	2016-07-02 10:08:04 UTC (rev 4506)
@@ -1,11 +1,11 @@
-Description:
+Description: Information leak in s390 sclp driver
 References:
 Notes:
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=116741
 upstream: released (4.6-rc6) [532c34b5fbf1687df63b3fcd5b2846312ac943c6]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code introduced in 3.11 with d475f942b1dd6a897dac3ad4ed98d6994b275378"
 sid: released (4.6.1-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u3) [bugfix/s390/s390-sclp_ctl-fix-potential-information-leak-with-de.patch]
+3.2-wheezy-security: N/A "Vulnerable code not present"


