[kernel-sec-discuss] r4409 - active retired

Ben Hutchings benh at moszumanska.debian.org
Mon May 23 01:06:13 UTC 2016


Author: benh
Date: 2016-05-23 01:06:13 +0000 (Mon, 23 May 2016)
New Revision: 4409

Added:
   retired/CVE-2016-3707
Removed:
   active/CVE-2016-3707
Log:
Retire CVE-2016-3707

Deleted: active/CVE-2016-3707
===================================================================
--- active/CVE-2016-3707	2016-05-23 01:05:37 UTC (rev 4408)
+++ active/CVE-2016-3707	2016-05-23 01:06:13 UTC (rev 4409)
@@ -1,18 +0,0 @@
-Description: Sending SysRq command via ICMP echo request
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1327484
- https://lwn.net/Articles/448790/
-Notes:
- carnil> This CVE is in effect only when the rt featureset
- carnil> is enabled, and the aptch features/all/rt/ping-sysrq.patch
- carnil> is active.
- bwh> ... and when the feature is enabled by setting a sysctl.  So far
- bwh> as I can see, this is a debug feature that was not meant to be
- bwh> enabled on production systems.
-Bugs:
-upstream: N/A "Vulnerable code not present"
-3.16-upstream-stable: N/A "Vulnerable code not present"
-3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: N/A "Vulnerable code not present"
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: ignored "Debug feature works as intended"
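Review bot: The log message "Retire CVE-2016-3707" gives no reason for the retirement, and the status lines removed here are the only place the justification can be read: every branch is N/A "Vulnerable code not present" except 3.2-wheezy-security, which is ignored "Debug feature works as intended". Consider saying in the log that all branches have reached a final status, so the history explains why an issue with an "ignored" branch left active/.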

Copied: retired/CVE-2016-3707 (from rev 4408, active/CVE-2016-3707)
===================================================================
--- retired/CVE-2016-3707	                        (rev 0)
+++ retired/CVE-2016-3707	2016-05-23 01:06:13 UTC (rev 4409)
@@ -0,0 +1,18 @@
+Description: Sending SysRq command via ICMP echo request
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1327484
+ https://lwn.net/Articles/448790/
+Notes:
+ carnil> This CVE is in effect only when the rt featureset
+ carnil> is enabled, and the aptch features/all/rt/ping-sysrq.patch
+ carnil> is active.
+ bwh> ... and when the feature is enabled by setting a sysctl.  So far
+ bwh> as I can see, this is a debug feature that was not meant to be
+ bwh> enabled on production systems.
+Bugs:
+upstream: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: ignored "Debug feature works as intended"
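Review bot: In the Notes block, the carnil line "is enabled, and the aptch features/all/rt/ping-sysrq.patch" carries the typo "aptch" for "patch" into the retired copy, and the bwh note refers to "setting a sysctl" without naming it. Since 3.2-wheezy-security is left as ignored rather than fixed, naming that sysctl in the note would let an administrator running the rt featureset confirm the feature is off. The typo fix would be better as a separate follow-up commit so that this one stays a pure copy from rev 4408.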



