[kernel-sec-discuss] r4696 - active
Ben Hutchings
benh at moszumanska.debian.org
Thu Nov 10 07:41:07 UTC 2016
Author: benh
Date: 2016-11-10 07:41:07 +0000 (Thu, 10 Nov 2016)
New Revision: 4696
Modified:
active/CVE-2015-8970
active/CVE-2016-8632
active/CVE-2016-8633
active/CVE-2016-9083
active/CVE-2016-9084
Log:
Fill in issue statuses
Modified: active/CVE-2015-8970
===================================================================
--- active/CVE-2015-8970 2016-11-07 05:45:05 UTC (rev 4695)
+++ active/CVE-2015-8970 2016-11-10 07:41:07 UTC (rev 4696)
@@ -14,8 +14,8 @@
carnil> 6e8d8ecf438792ecf7a3207488fb4eebc4edb040 crypto: algif_skcipher - Add key check exception for cipher_null
Bugs:
upstream: released (4.5-rc1) [dd504589577d8e8e70f51f997ad487a4cb6c026f]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: released (3.16.7-ckt25)
+3.2-upstream-stable: released (3.2.77)
sid: released (4.4.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1)
+3.2-wheezy-security: released (3.2.78-1)
Modified: active/CVE-2016-8632
===================================================================
--- active/CVE-2016-8632 2016-11-07 05:45:05 UTC (rev 4695)
+++ active/CVE-2016-8632 2016-11-10 07:41:07 UTC (rev 4696)
@@ -2,10 +2,12 @@
References:
https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
Notes:
+ bwh> Introduced by commit 067608e9d019
+ bwh> "tipc: introduce direct iovec to buffer chain fragmentation function"
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2016-8633
===================================================================
--- active/CVE-2016-8633 2016-11-07 05:45:05 UTC (rev 4695)
+++ active/CVE-2016-8633 2016-11-10 07:41:07 UTC (rev 4696)
@@ -4,8 +4,8 @@
Notes:
Bugs:
upstream: released (4.9-rc4) [667121ace9dbafb368618dbabcf07901c962ddac]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
Modified: active/CVE-2016-9083
===================================================================
--- active/CVE-2016-9083 2016-11-07 05:45:05 UTC (rev 4695)
+++ active/CVE-2016-9083 2016-11-10 07:41:07 UTC (rev 4696)
@@ -1,11 +1,11 @@
-Description:
+Description: Incomplete parameter validation in vfio_pci driver
References:
Notes:
https://patchwork.kernel.org/patch/9373631/
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: released (4.9-rc4) [05692d7005a364add85c6e25a6c4447ce08f913a]
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2016-9084
===================================================================
--- active/CVE-2016-9084 2016-11-07 05:45:05 UTC (rev 4695)
+++ active/CVE-2016-9084 2016-11-10 07:41:07 UTC (rev 4696)
@@ -1,11 +1,11 @@
-Description:
+Description: Integer overflow in vfio_pci driver
References:
Notes:
https://patchwork.kernel.org/patch/9373631/
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: released (4.9-rc4) [05692d7005a364add85c6e25a6c4447ce08f913a]
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list