[kernel-sec-discuss] r4219 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Mar 3 19:43:36 UTC 2016
Author: carnil
Date: 2016-03-03 19:43:36 +0000 (Thu, 03 Mar 2016)
New Revision: 4219
Modified:
active/CVE-2013-4312
active/CVE-2015-7566
active/CVE-2015-8767
active/CVE-2015-8785
active/CVE-2015-8812
active/CVE-2015-8816
active/CVE-2015-8830
active/CVE-2016-0723
active/CVE-2016-0774
active/CVE-2016-2069
active/CVE-2016-2384
active/CVE-2016-2543
active/CVE-2016-2544
active/CVE-2016-2545
active/CVE-2016-2546
active/CVE-2016-2547
active/CVE-2016-2548
active/CVE-2016-2549
active/CVE-2016-2550
Log:
Mark CVEs pending for DSA-3503-1 as released
Modified: active/CVE-2013-4312
===================================================================
--- active/CVE-2013-4312 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2013-4312 2016-03-03 19:43:36 UTC (rev 4219)
@@ -16,6 +16,6 @@
3.2-upstream-stable: released (3.2.78) [unix-properly-account-for-fds-passed-over-unix-sockets.patch, pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
2.6.32-upstream-stable: ignored
sid: released (4.3.5-1) [bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch, bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch, bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch, bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch, bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch]
2.6.32-squeeze-security: ignored "Too risky to backport at EOL"
Modified: active/CVE-2015-7566
===================================================================
--- active/CVE-2015-7566 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2015-7566 2016-03-03 19:43:36 UTC (rev 4219)
@@ -11,5 +11,5 @@
2.6.32-upstream-stable: pending (2.6.32.71)
sid: released (4.3.3-6) [bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch]
3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze19) [bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch]
Modified: active/CVE-2015-8767
===================================================================
--- active/CVE-2015-8767 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2015-8767 2016-03-03 19:43:36 UTC (rev 4219)
@@ -12,5 +12,5 @@
2.6.32-upstream-stable: pending (2.6.32.71)
sid: released (4.3.1-1)
3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze19) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]
Modified: active/CVE-2015-8785
===================================================================
--- active/CVE-2015-8785 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2015-8785 2016-03-03 19:43:36 UTC (rev 4219)
@@ -7,6 +7,6 @@
3.2-upstream-stable: released (3.2.75)
2.6.32-upstream-stable: released (2.6.32.70)
sid: released (4.3.5-1) [bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch]
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze19) [bugfix/all/stable/2.6.32.70-rc1.patch]
Modified: active/CVE-2015-8812
===================================================================
--- active/CVE-2015-8812 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2015-8812 2016-03-03 19:43:36 UTC (rev 4219)
@@ -9,6 +9,6 @@
3.2-upstream-stable: released (3.2.78) [iw_cxgb3-fix-incorrectly-returning-error-on-success.patch]
2.6.32-upstream-stable: needed
sid: released (4.4.2-1) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/rdma-cxgb3-don-t-free-skbs-on-net_xmit_-indications-.patch, bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch]
Modified: active/CVE-2015-8816
===================================================================
--- active/CVE-2015-8816 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2015-8816 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,7 +6,7 @@
3.16-upstream-stable: released (3.16.7-ckt23)
3.2-upstream-stable: released (3.2.76)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch]
2.6.32-upstream-stable: released (2.6.32.70)
2.6.32-squeeze-security: released (2.6.32-48squeeze19)
Modified: active/CVE-2015-8830
===================================================================
--- active/CVE-2015-8830 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2015-8830 2016-03-03 19:43:36 UTC (rev 4219)
@@ -11,5 +11,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: N/A "Includes previous fix and not the regression"
sid: released (4.1.3-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/aio-properly-check-iovec-sizes.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/aio-properly-check-iovec-sizes.patch]
3.2-wheezy-security: N/A "Includes previous fix and not the regression"
Modified: active/CVE-2016-0723
===================================================================
--- active/CVE-2016-0723 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-0723 2016-03-03 19:43:36 UTC (rev 4219)
@@ -8,5 +8,5 @@
2.6.32-upstream-stable: pending (2.6.32.71)
sid: released (4.3.3-6) [bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch]
3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze19) [bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch]
Modified: active/CVE-2016-0774
===================================================================
--- active/CVE-2016-0774 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-0774 2016-03-03 19:43:36 UTC (rev 4219)
@@ -8,5 +8,5 @@
2.6.32-upstream-stable: needed
sid: N/A "upstream fix was correct"
3.16-jessie-security: N/A "upstream fix was correct"
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/pipe-fix-buffer-offset-after-partially-failed-read.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/pipe-fix-buffer-offset-after-partially-failed-read.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/pipe-fix-buffer-offset-after-partially-failed-read.patch]
Modified: active/CVE-2016-2069
===================================================================
--- active/CVE-2016-2069 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2069 2016-03-03 19:43:36 UTC (rev 4219)
@@ -7,6 +7,6 @@
3.2-upstream-stable: released (3.2.77) [x86-mm-add-barriers-and-document-switch_mm-vs-flush.patch, x86-mm-improve-switch_mm-barrier-comments.patch]
2.6.32-upstream-stable: pending (2.6.32.71)
sid: released (4.3.5-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch, bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch, bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch, bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch, bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze19) [bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch, bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch]
Modified: active/CVE-2016-2384
===================================================================
--- active/CVE-2016-2384 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2384 2016-03-03 19:43:36 UTC (rev 4219)
@@ -7,6 +7,6 @@
3.2-upstream-stable: released (3.2.78) [alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
2.6.32-upstream-stable: needed
sid: released (4.4.2-1) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
Modified: active/CVE-2016-2543
===================================================================
--- active/CVE-2016-2543 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2543 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-seq-fix-missing-null-check-at-remove_events-ioctl.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-seq-fix-missing-null-check-at-remove_events-ioctl.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-seq-fix-missing-null-check-at-remove_events-ioctl.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-seq-fix-missing-null-check-at-remove_events-ioctl.patch]
Modified: active/CVE-2016-2544
===================================================================
--- active/CVE-2016-2544 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2544 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-seq-fix-race-at-timer-setup-and-close.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-seq-fix-race-at-timer-setup-and-close.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-seq-fix-race-at-timer-setup-and-close.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-seq-fix-race-at-timer-setup-and-close.patch]
Modified: active/CVE-2016-2545
===================================================================
--- active/CVE-2016-2545 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2545 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-fix-double-unlink-of-active_list.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-fix-double-unlink-of-active_list.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-fix-double-unlink-of-active_list.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-fix-double-unlink-of-active_list.patch]
Modified: active/CVE-2016-2546
===================================================================
--- active/CVE-2016-2546 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2546 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-fix-race-among-timer-ioctls.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-fix-race-among-timer-ioctls.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-fix-race-among-timer-ioctls.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-fix-race-among-timer-ioctls.patch]
Modified: active/CVE-2016-2547
===================================================================
--- active/CVE-2016-2547 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2547 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
Modified: active/CVE-2016-2548
===================================================================
--- active/CVE-2016-2548 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2548 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch]
Modified: active/CVE-2016-2549
===================================================================
--- active/CVE-2016-2549 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2549 2016-03-03 19:43:36 UTC (rev 4219)
@@ -6,5 +6,5 @@
3.16-upstream-stable: released (3.16.7-ckt24)
3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch]
Modified: active/CVE-2016-2550
===================================================================
--- active/CVE-2016-2550 2016-03-03 05:56:03 UTC (rev 4218)
+++ active/CVE-2016-2550 2016-03-03 19:43:36 UTC (rev 4219)
@@ -8,5 +8,5 @@
3.16-upstream-stable: released (3.16.7-ckt25)
3.2-upstream-stable: needed
sid: pending (4.4.3-1) [bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch]
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u4) [bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch]
-3.2-wheezy-security: pending (3.2.73-2+deb7u3) [bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch]
More information about the kernel-sec-discuss
mailing list