[kernel-sec-discuss] r4389 - active retired

Ben Hutchings benh at moszumanska.debian.org
Mon May 16 00:21:00 UTC 2016 

Author: benh
Date: 2016-05-16 00:21:00 +0000 (Mon, 16 May 2016)
New Revision: 4389

Added:
   retired/CVE-2016-3139
Removed:
   active/CVE-2016-3139
Log:
Mark CVE-2016-3139 as ignored for stable/security branches, and retire it


Deleted: active/CVE-2016-3139
===================================================================
--- active/CVE-2016-3139	2016-05-16 00:13:51 UTC (rev 4388)
+++ active/CVE-2016-3139	2016-05-16 00:21:00 UTC (rev 4389)
@@ -1,16 +0,0 @@
-Description: crash on invalid USB device descriptors (wacom driver)
-References:
- http://seclists.org/bugtraq/2016/Mar/60
- https://bugzilla.redhat.com/show_bug.cgi?id=1283375
- https://bugzilla.redhat.com/show_bug.cgi?id=1283377
-Notes:
- jmm> drivers/input/tablet/wacom_sys.c in jessie and earlier, drivers/hid/wacom_sys.c in stretch
- carnil> The code has been rewritten in 3.17, specifically as well
- carnil> 01c846f9539c194c7a6e34af036b1115b8ed822a and not anymore vulnerable
-Bugs:
-upstream: released (3.17-rc1) [01c846f9539c194c7a6e34af036b1115b8ed822a]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
-sid: released (4.0.2-1)
-3.16-jessie-security: needed
-3.2-wheezy-security: needed

Copied: retired/CVE-2016-3139 (from rev 4388, active/CVE-2016-3139)
===================================================================
--- retired/CVE-2016-3139	                        (rev 0)
+++ retired/CVE-2016-3139	2016-05-16 00:21:00 UTC (rev 4389)
@@ -0,0 +1,16 @@
+Description: crash on invalid USB device descriptors (wacom driver)
+References:
+ http://seclists.org/bugtraq/2016/Mar/60
+ https://bugzilla.redhat.com/show_bug.cgi?id=1283375
+ https://bugzilla.redhat.com/show_bug.cgi?id=1283377
+Notes:
+ jmm> drivers/input/tablet/wacom_sys.c in jessie and earlier, drivers/hid/wacom_sys.c in stretch
+ carnil> The code has been rewritten in 3.17, specifically as well
+ carnil> 01c846f9539c194c7a6e34af036b1115b8ed822a and not anymore vulnerable
+Bugs:
+upstream: released (3.17-rc1) [01c846f9539c194c7a6e34af036b1115b8ed822a]
+3.16-upstream-stable: ignored "minor issue"
+3.2-upstream-stable: ignored "minor issue"
+sid: released (4.0.2-1)
+3.16-jessie-security: ignored "minor issue"
+3.2-wheezy-security: ignored "minor issue"

More information about the kernel-sec-discuss mailing list