[kernel-sec-discuss] r4408 - active
Ben Hutchings
benh at moszumanska.debian.org
Mon May 23 01:05:39 UTC 2016
Author: benh
Date: 2016-05-23 01:05:37 +0000 (Mon, 23 May 2016)
New Revision: 4408
Modified:
active/CVE-2016-3707
Log:
Update state of CVE-2016-3707
The code this involves is part of the PREEMPT_RT patch set which is
only included on our 3.2 branch. It's also in a debug feature that's
disabled by default and doesn't seem intended for use in production
systems. So ignore it there.
Modified: active/CVE-2016-3707
===================================================================
--- active/CVE-2016-3707 2016-05-21 14:56:01 UTC (rev 4407)
+++ active/CVE-2016-3707 2016-05-23 01:05:37 UTC (rev 4408)
@@ -6,10 +6,13 @@
carnil> This CVE is in effect only when the rt featureset
carnil> is enabled, and the aptch features/all/rt/ping-sysrq.patch
carnil> is active.
+ bwh> ... and when the feature is enabled by setting a sysctl. So far
+ bwh> as I can see, this is a debug feature that was not meant to be
+ bwh> enabled on production systems.
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: ignored "Debug feature works as intended"
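Review bot: The added bwh> note says the feature is enabled "by setting a sysctl" but does not name the sysctl, and the "disabled by default" condition appears only in the commit log, not in the tracker file. Because 3.2-wheezy-security is marked ignored "Debug feature works as intended", consider naming the sysctl and stating its default in the note, so that the file on its own justifies the ignored status and lets an administrator check their setting. The unchanged context line "carnil> is enabled, and the aptch features/all/rt/ping-sysrq.patch" also has a typo ("aptch") that could be fixed in the same revision.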