[kernel-sec-discuss] r4445 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Jun 15 22:22:50 UTC 2016 

Author: benh
Date: 2016-06-15 22:22:50 +0000 (Wed, 15 Jun 2016)
New Revision: 4445

Modified:
   active/CVE-2015-7515
   active/CVE-2016-0821
   active/CVE-2016-2143
   active/CVE-2016-2184
   active/CVE-2016-2185
   active/CVE-2016-2186
   active/CVE-2016-2187
   active/CVE-2016-3134
   active/CVE-2016-3136
   active/CVE-2016-3137
   active/CVE-2016-3138
   active/CVE-2016-3140
   active/CVE-2016-3156
   active/CVE-2016-3157
   active/CVE-2016-3672
   active/CVE-2016-3951
   active/CVE-2016-3955
   active/CVE-2016-3961
   active/CVE-2016-4485
   active/CVE-2016-4486
   active/CVE-2016-4565
   active/CVE-2016-4580
   active/CVE-2016-4805
   active/CVE-2016-4913
Log:
Mark issues pending for wheezy in 3.2.81-1 (not 3.2.80-1)

Modified: active/CVE-2015-7515
===================================================================
--- active/CVE-2015-7515	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2015-7515	2016-06-15 22:22:50 UTC (rev 4445)
@@ -10,4 +10,4 @@
 3.2-upstream-stable: released (3.2.79) [input-aiptek-fix-crash-on-detecting-device-without-endpoints.patch]
 sid: released (4.4.2-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-0821
===================================================================
--- active/CVE-2016-0821	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-0821	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.79) [include-linux-poison.h-fix-list_poison-1-2-offset.patch]
 sid: released (4.3.1-1)
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/include-linux-poison.h-fix-list_poison-1-2-offset.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-2143
===================================================================
--- active/CVE-2016-2143	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-2143	2016-06-15 22:22:50 UTC (rev 4445)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: released (3.2.79) [s390-mm-four-page-table-levels-vs.-fork.patch]
 sid: released (4.4.6-1)
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/s390/s390-mm-four-page-table-levels-vs.-fork.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-2184
===================================================================
--- active/CVE-2016-2184	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-2184	2016-06-15 22:22:50 UTC (rev 4445)
@@ -10,4 +10,4 @@
 3.2-upstream-stable: released (3.2.80) [alsa-usb-audio-fix-null-dereference-in-create_fixed_stream_quirk.patch, alsa-usb-audio-add-sanity-checks-for-endpoint-accesses.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-2185
===================================================================
--- active/CVE-2016-2185	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-2185	2016-06-15 22:22:50 UTC (rev 4445)
@@ -10,4 +10,4 @@
 3.2-upstream-stable: released (3.2.80) [input-ati_remote2-fix-crashes-on-detecting-device-with-invalid.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-2186
===================================================================
--- active/CVE-2016-2186	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-2186	2016-06-15 22:22:50 UTC (rev 4445)
@@ -10,4 +10,4 @@
 3.2-upstream-stable: released (3.2.80) [input-powermate-fix-oops-with-malicious-usb-descriptors.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-2187
===================================================================
--- active/CVE-2016-2187	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-2187	2016-06-15 22:22:50 UTC (rev 4445)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: released (3.2.81) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch]
 sid: released (4.5.2-1) [bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch]
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3134
===================================================================
--- active/CVE-2016-3134	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3134	2016-06-15 22:22:50 UTC (rev 4445)
@@ -16,4 +16,4 @@
 3.2-upstream-stable: released (3.2.80) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch]
 sid: released (4.5.1-1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3136
===================================================================
--- active/CVE-2016-3136	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3136	2016-06-15 22:22:50 UTC (rev 4445)
@@ -9,4 +9,4 @@
 3.2-upstream-stable: released (3.2.80) [usb-mct_u232-add-sanity-checking-in-probe.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3137
===================================================================
--- active/CVE-2016-3137	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3137	2016-06-15 22:22:50 UTC (rev 4445)
@@ -9,4 +9,4 @@
 3.2-upstream-stable: released (3.2.80) [usb-cypress_m8-add-endpoint-sanity-check.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3138
===================================================================
--- active/CVE-2016-3138	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3138	2016-06-15 22:22:50 UTC (rev 4445)
@@ -9,4 +9,4 @@
 3.2-upstream-stable: released (3.2.80) [usb-cdc-acm-more-sanity-checking.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3140
===================================================================
--- active/CVE-2016-3140	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3140	2016-06-15 22:22:50 UTC (rev 4445)
@@ -10,4 +10,4 @@
 3.2-upstream-stable: released (3.2.80) [usb-digi_acceleport-do-sanity-checking-for-the-number-of-ports.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3156
===================================================================
--- active/CVE-2016-3156	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3156	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.80) [ipv4-don-t-do-expensive-useless-work-during-inetdev-destroy.patch]
 sid: released (4.5.1-1) [bugfix/all/ipv4-don-t-do-expensive-useless-work-during-inetdev-.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/ipv4-don-t-do-expensive-useless-work-during-inetdev-.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3157
===================================================================
--- active/CVE-2016-3157	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3157	2016-06-15 22:22:50 UTC (rev 4445)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: released (3.2.80) [x86-iopl-64-properly-context-switch-iopl-on-xen-pv.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/x86/x86-iopl-64-properly-context-switch-iopl-on-xen-pv.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3672
===================================================================
--- active/CVE-2016-3672	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3672	2016-06-15 22:22:50 UTC (rev 4445)
@@ -11,4 +11,4 @@
 3.2-upstream-stable: released (3.2.80) [x86-standardize-mmap_rnd-usage.patch, x86-mm-32-enable-full-randomization-on-i386-and-x86_32.patch]
 sid: released (4.5.1-1) [bugfix/all/x86-mm-32-enable-full-randomization-on-i386-and-x86_.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/x86/x86-standardize-mmap_rnd-usage.patch, bugfix/x86/x86-mm-32-enable-full-randomization-on-i386-and-x86_32.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3951
===================================================================
--- active/CVE-2016-3951	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3951	2016-06-15 22:22:50 UTC (rev 4445)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: released (3.2.80) [usbnet-cleanup-after-bind-in-probe.patch]
 sid: released (4.5.1-1)
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/cdc_ncm-do-not-call-usbnet_link_change-from-cdc_ncm_.patch, bugfix/all/usbnet-cleanup-after-bind-in-probe.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3955
===================================================================
--- active/CVE-2016-3955	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3955	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.80) [usb-usbip-fix-potential-out-of-bounds-write.patch]
 sid: released (4.5.2-1) [bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch]
-3.2-wheezy-security: pending (3.2.80-1)
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-3961
===================================================================
--- active/CVE-2016-3961	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-3961	2016-06-15 22:22:50 UTC (rev 4445)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: released (3.2.81) [hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch]
 sid: released (4.5.2-1) [bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]
-3.2-wheezy-security: pending (3.2.80-1) [bugfix/all/hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]
+3.2-wheezy-security: pending (3.2.81-1) [bugfix/all/hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch]

Modified: active/CVE-2016-4485
===================================================================
--- active/CVE-2016-4485	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-4485	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.81) [net-fix-infoleak-in-llc.patch]
 sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-llc.patch]
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-4486
===================================================================
--- active/CVE-2016-4486	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-4486	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.81) [net-fix-infoleak-in-rtnetlink.patch]
 sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-rtnetlink.patch]
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-4565
===================================================================
--- active/CVE-2016-4565	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-4565	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.81) [ib-security-restrict-use-of-the-write-interface.patch]
 sid: released (4.5.3-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-4580
===================================================================
--- active/CVE-2016-4580	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-4580	2016-06-15 22:22:50 UTC (rev 4445)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: released (3.2.81) [net-fix-a-kernel-infoleak-in-x25-module.patch]
 sid: released (4.5.5-1)
 3.16-jessie-security:
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-4805
===================================================================
--- active/CVE-2016-4805	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-4805	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.80) [7fda126c5155acc3e61596ce4c5dcf3859e22444]
 sid: released (4.5.2-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.81-1)

Modified: active/CVE-2016-4913
===================================================================
--- active/CVE-2016-4913	2016-06-15 22:20:19 UTC (rev 4444)
+++ active/CVE-2016-4913	2016-06-15 22:22:50 UTC (rev 4445)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: released (3.2.81) [get_rock_ridge_filename-handle-malformed-nm-entries.patch]
 sid: released (4.5.4-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-nm-entries.patch]
 3.16-jessie-security: pending (3.16.7-ckt25-2+deb8u1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]
-3.2-wheezy-security: pending (3.2.80-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]
+3.2-wheezy-security: pending (3.2.81-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch]

More information about the kernel-sec-discuss mailing list