[kernel-sec-discuss] r4284 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Mar 28 20:57:29 UTC 2016


Author: benh
Date: 2016-03-28 20:57:28 +0000 (Mon, 28 Mar 2016)
New Revision: 4284

Modified:
   active/CVE-2015-7515
   active/CVE-2016-0821
   active/CVE-2016-0823
   active/CVE-2016-2117
   active/CVE-2016-2184
   active/CVE-2016-2185
   active/CVE-2016-2186
   active/CVE-2016-2188
   active/CVE-2016-3134
   active/CVE-2016-3136
   active/CVE-2016-3137
   active/CVE-2016-3138
   active/CVE-2016-3139
   active/CVE-2016-3140
   active/CVE-2016-3156
   active/CVE-2016-3157
   active/CVE-2016-partial-SMAP-bypass
Log:
Fill in most of the unknown status fields

Modified: active/CVE-2015-7515
===================================================================
--- active/CVE-2015-7515	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2015-7515	2016-03-28 20:57:28 UTC (rev 4284)
@@ -7,7 +7,7 @@
 Bugs:
 upstream: released (v4.4-rc6) [8e20cf2bce122ce9262d6034ee5d5b76fbb92f96]
 3.16-upstream-stable: pending (3.16.7-ckt26) [24b12688c53a46545a723cf084e25afde2ba39f3]
-3.2-upstream-stable:
+3.2-upstream-stable: needed
 sid: released (4.4.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-0821
===================================================================
--- active/CVE-2016-0821	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-0821	2016-03-28 20:57:28 UTC (rev 4284)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (v4.3-rc1) [8a5e5e02fc83aaf67053ab53b359af08c6c49aaf]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.3.1-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-0823
===================================================================
--- active/CVE-2016-0823	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-0823	2016-03-28 20:57:28 UTC (rev 4284)
@@ -5,7 +5,7 @@
 Bugs:
 upstream: released (v4.0-rc5) [ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce]
 3.16-upstream-stable: released (3.16.7-ckt10)
-3.2-upstream-stable:
+3.2-upstream-stable: released (3.2.69)
 sid: released (4.0.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u1)
+3.2-wheezy-security: released (3.2.73-2+deb7u1)
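
Review bot: The 3.2-wheezy-security line records 3.2.73-2+deb7u1 although 3.2-upstream-stable is given as fixed in 3.2.69. If an earlier wheezy-security upload was already based on 3.2.69 or later, record that first fixed version instead, so that systems on the intermediate uploads are not counted as vulnerable. The jessie line (ckt10 upstream, ckt11-1+deb8u1 in the package) deserves the same check. With every branch now released, it is also worth confirming whether this entry still belongs under active/.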

Modified: active/CVE-2016-2117
===================================================================
--- active/CVE-2016-2117	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-2117	2016-03-28 20:57:28 UTC (rev 4284)
@@ -3,10 +3,11 @@
  http://www.openwall.com/lists/oss-security/2016/03/16/7
  https://bugzilla.novell.com/show_bug.cgi?id=968697
 Notes:
+ bwh> The only affected in-tree driver is atl2
 Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
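
Review bot: The added bwh> note names atl2 as the only affected in-tree driver but does not say which tree or version was inspected, while the lines below mark every branch from upstream down to 3.2 as needed. Suggest stating the kernel version the check was made against and whether atl2 is present in the 3.16 and 3.2 branches, so that each needed status can be traced back to the note.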

Modified: active/CVE-2016-2184
===================================================================
--- active/CVE-2016-2184	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-2184	2016-03-28 20:57:28 UTC (rev 4284)
@@ -6,8 +6,8 @@
 Notes:
 Bugs:
 upstream: released (v4.6-rc1) [0f886ca12765d20124bd06291c82951fd49a33be, 447d6275f0c21f6cc97a88b3a0c601436a4cdf2a]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-2185
===================================================================
--- active/CVE-2016-2185	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-2185	2016-03-28 20:57:28 UTC (rev 4284)
@@ -7,8 +7,8 @@
  proposed patch: http://marc.info/?l=linux-input&m=145874841024379&w=2
 Bugs:
 upstream: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-2186
===================================================================
--- active/CVE-2016-2186	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-2186	2016-03-28 20:57:28 UTC (rev 4284)
@@ -6,8 +6,8 @@
 Notes:
 Bugs:
 upstream: released (v4.6-rc1) [9c6ba456711687b794dcf285856fc14e2c76074f]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-2188
===================================================================
--- active/CVE-2016-2188	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-2188	2016-03-28 20:57:28 UTC (rev 4284)
@@ -5,10 +5,13 @@
  http://seclists.org/bugtraq/2016/Mar/87
  http://marc.info/?l=linux-usb&m=145796659429788&w=2
 Notes:
+ bwh> Upstream fix looks useless - it handles the case where there
+ bwh> are zero endpoints, but not the case where there are some
+ bwh> endpoints but none of the expected type.
 Bugs:
 upstream: released (v4.6-rc1) [4ec0ef3a82125efc36173062a50624550a900ae0]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
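
Review bot: The new Notes text says the upstream fix misses the case of some endpoints but none of the expected type, yet the upstream line still reads released (v4.6-rc1) and the branch lines are set to a plain needed. As written, backporting the cited commit would allow each branch to be marked released with the gap described in the note still open. Suggest stating in the note that a follow-up fix is required before any branch is closed, or setting upstream back to needed until a complete fix exists.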

Modified: active/CVE-2016-3134
===================================================================
--- active/CVE-2016-3134	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3134	2016-03-28 20:57:28 UTC (rev 4284)
@@ -12,8 +12,8 @@
  https://patchwork.ozlabs.org/patch/599721/
 Bugs:
 upstream: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3136
===================================================================
--- active/CVE-2016-3136	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3136	2016-03-28 20:57:28 UTC (rev 4284)
@@ -6,8 +6,8 @@
  Proposed patch: http://marc.info/?l=linux-usb&m=145813478817704&w=2
 Bugs:
 upstream: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3137
===================================================================
--- active/CVE-2016-3137	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3137	2016-03-28 20:57:28 UTC (rev 4284)
@@ -6,8 +6,8 @@
  Proposed patch: http://www.spinics.net/lists/linux-usb/msg137874.html
 Bugs:
 upstream: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3138
===================================================================
--- active/CVE-2016-3138	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3138	2016-03-28 20:57:28 UTC (rev 4284)
@@ -5,8 +5,8 @@
 Notes:
 Bugs:
 upstream: released (v4.6-rc1) [8835ba4a39cf53f705417b3b3a94eb067673f2c9]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3139
===================================================================
--- active/CVE-2016-3139	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3139	2016-03-28 20:57:28 UTC (rev 4284)
@@ -7,8 +7,8 @@
  jmm> drivers/input/tablet/wacom_sys.c in jessie and earlier, drivers/hid/wacom_sys.c in stretch
 Bugs:
 upstream: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3140
===================================================================
--- active/CVE-2016-3140	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3140	2016-03-28 20:57:28 UTC (rev 4284)
@@ -6,8 +6,8 @@
  Proposed patch: http://marc.info/?l=linux-usb&m=145796765030590&w=2
 Bugs:
 upstream: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3156
===================================================================
--- active/CVE-2016-3156	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3156	2016-03-28 20:57:28 UTC (rev 4284)
@@ -3,8 +3,8 @@
 Notes:
 Bugs:
 upstream: released (v4.6-rc1) [fbd40ea0180a2d328c5adc61414dc8bab9335ce2]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2016-3157
===================================================================
--- active/CVE-2016-3157	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-3157	2016-03-28 20:57:28 UTC (rev 4284)
@@ -1,11 +1,11 @@
-Description: I/O port access privilege escalation in x86-64 Linux
+Description: I/O port access privilege escalation in x86-64 Linux under Xen
 References:
  http://xenbits.xen.org/xsa/advisory-171.html
 Notes:
 Bugs:
 upstream: released (v4.6-rc1) [b7a584598aea7ca73140cb87b40319944dd3393f]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: pending (4.4.6-2) [bugfix/x86/x86-iopl-64-properly-context-switch-IOPL-on-Xen-PV.patch]
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
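
Review bot: The Description now ends with "under Xen", but the patch named on the sid line (x86-iopl-64-properly-context-switch-IOPL-on-Xen-PV.patch) is specific to Xen PV. Suggest narrowing the wording to Xen PV guests so the description matches the scope given by the patch name and readers can judge exposure from the first line alone.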

Modified: active/CVE-2016-partial-SMAP-bypass
===================================================================
--- active/CVE-2016-partial-SMAP-bypass	2016-03-27 06:11:23 UTC (rev 4283)
+++ active/CVE-2016-partial-SMAP-bypass	2016-03-28 20:57:28 UTC (rev 4284)
@@ -4,8 +4,8 @@
 Notes:
 Bugs:
 upstream: released (v4.5-rc6) [3d44d51bd339766f0178f0cf2e8d048b4a4872aa]
-3.16-upstream-stable:
+3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Vulnerable code not present, introduced in 63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)" 
 sid: released (4.4.4-1)
-3.16-jessie-security:
+3.16-jessie-security: needed
 3.2-wheezy-security: N/A "Vulnerable code not present" 



