[kernel-sec-discuss] r4737 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Nov 28 19:03:31 UTC 2016


Author: benh
Date: 2016-11-28 19:03:30 +0000 (Mon, 28 Nov 2016)
New Revision: 4737

Modified:
   active/CVE-2015-1350
   active/CVE-2015-8955
   active/CVE-2015-8956
   active/CVE-2016-3857
   active/CVE-2016-6480
   active/CVE-2016-6828
   active/CVE-2016-7042
   active/CVE-2016-7097
   active/CVE-2016-7425
   active/CVE-2016-8633
   active/CVE-2016-8658
   active/CVE-2016-9083
   active/CVE-2016-9084
Log:
Mark 3.2.84 and 3.16.39 as released

Modified: active/CVE-2015-1350
===================================================================
--- active/CVE-2015-1350	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2015-1350	2016-11-28 19:03:30 UTC (rev 4737)
@@ -12,5 +12,5 @@
 sid: pending (4.8.9-1) [bugfix/all/xfs-Propagate-dentry-down-to-inode_change_ok.patch, bugfix/all/ceph-Propagate-dentry-down-to-inode_change_ok.patch, bugfix/all/fuse-Propagate-dentry-down-to-inode_change_ok.patch, bugfix/all/fs-Give-dentry-to-inode_change_ok-instead-of-inode.patch, bugfix/all/fs-Avoid-premature-clearing-of-capabilities.patch]
 3.16-jessie-security: needed
 3.2-wheezy-security: needed
-3.16-upstream-stable: pending (3.16.39) [fs-give-dentry-to-inode_change_ok-instead-of-inode.patch, fs-avoid-premature-clearing-of-capabilities.patch]
-3.2-upstream-stable: pending (3.2.84) [fs-give-dentry-to-inode_change_ok-instead-of-inode.patch, fs-avoid-premature-clearing-of-capabilities.patch]
+3.16-upstream-stable: released (3.16.39) [fs-give-dentry-to-inode_change_ok-instead-of-inode.patch, fs-avoid-premature-clearing-of-capabilities.patch]
+3.2-upstream-stable: released (3.2.84) [fs-give-dentry-to-inode_change_ok-instead-of-inode.patch, fs-avoid-premature-clearing-of-capabilities.patch]
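
Review bot: The two "released" lines for 3.16.39 and 3.2.84 each list only two patches, while the sid line in this same hunk lists five, including the xfs, ceph and fuse "Propagate-dentry-down-to-inode_change_ok" patches. Before recording these branches as released, confirm that the stable backports carry those filesystem-specific changes inside fs-give-dentry-to-inode_change_ok-instead-of-inode.patch, or add the missing patch names so the entry shows the complete fix set.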

Modified: active/CVE-2015-8955
===================================================================
--- active/CVE-2015-8955	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2015-8955	2016-11-28 19:03:30 UTC (rev 4737)
@@ -4,7 +4,7 @@
  bwh> Minor issue for Debian since we restrict access to perf_event by default
 Bugs:
 upstream: released (4.1-rc1) [8fff105e13041e49b82f92eef034f363a6b1c071]
-3.16-upstream-stable: pending (3.16.39) [arm64-perf-reject-groups-spanning-multiple-hw-pmus.patch]
+3.16-upstream-stable: released (3.16.39) [arm64-perf-reject-groups-spanning-multiple-hw-pmus.patch]
 3.2-upstream-stable: N/A "Vulnerable architecture not present"
 sid: released (4.1.3-1)
 3.16-jessie-security: needed

Modified: active/CVE-2015-8956
===================================================================
--- active/CVE-2015-8956	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2015-8956	2016-11-28 19:03:30 UTC (rev 4737)
@@ -5,8 +5,8 @@
  bwh> logging statement which is disabled by default.
 Bugs:
 upstream: released (4.2-rc1) [951b6a0717db97ce420547222647bcc40bf1eacd]
-3.16-upstream-stable: pending (3.16.39) [bluetooth-fix-potential-null-dereference-in-rfcomm-bind-callback.patch]
-3.2-upstream-stable: pending (3.2.84) [bluetooth-fix-potential-null-dereference-in-rfcomm-bind-callback.patch]
+3.16-upstream-stable: released (3.16.39) [bluetooth-fix-potential-null-dereference-in-rfcomm-bind-callback.patch]
+3.2-upstream-stable: released (3.2.84) [bluetooth-fix-potential-null-dereference-in-rfcomm-bind-callback.patch]
 sid: released (4.2.1-1)
 3.16-jessie-security: released (3.16.36-1+deb8u2) [bugfix/all/bluetooth-fix-potential-null-dereference-in-rfcomm-b.patch]
 3.2-wheezy-security: released (3.2.82-1) [bugfix/all/bluetooth-fix-potential-null-dereference-in-rfcomm-b.patch]

Modified: active/CVE-2016-3857
===================================================================
--- active/CVE-2016-3857	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-3857	2016-11-28 19:03:30 UTC (rev 4737)
@@ -4,8 +4,8 @@
  CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
 Bugs:
 upstream: released (4.8-rc2) [7de249964f5578e67b99699c5f0b405738d820a2]
-3.16-upstream-stable: pending (3.16.39) [arm-oabi-compat-add-missing-access-checks.patch]
-3.2-upstream-stable: pending (3.2.84) [arm-oabi-compat-add-missing-access-checks.patch]
+3.16-upstream-stable: released (3.16.39) [arm-oabi-compat-add-missing-access-checks.patch]
+3.2-upstream-stable: released (3.2.84) [arm-oabi-compat-add-missing-access-checks.patch]
 sid: released (4.7.2-1)
 3.16-jessie-security: ignored "Feature is disabled and unlikely to be enabled in custom kernels"
 3.2-wheezy-security: released (3.2.81-2) [bugfix/arm/arm-oabi-compat-add-missing-access-checks.patch]

Modified: active/CVE-2016-6480
===================================================================
--- active/CVE-2016-6480	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-6480	2016-11-28 19:03:30 UTC (rev 4737)
@@ -6,8 +6,8 @@
 Notes:
 Bugs:
 upstream: released (4.8-rc3) [fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3]
-3.16-upstream-stable: pending (3.16.39) [aacraid-check-size-values-after-double-fetch-from-user.patch]
-3.2-upstream-stable: pending (3.2.84) [aacraid-check-size-values-after-double-fetch-from-user.patch]
+3.16-upstream-stable: released (3.16.39) [aacraid-check-size-values-after-double-fetch-from-user.patch]
+3.2-upstream-stable: released (3.2.84) [aacraid-check-size-values-after-double-fetch-from-user.patch]
 sid: released (4.7.2-1) [bugfix/all/aacraid-check-size-values-after-double-fetch-from-us.patch]
 3.16-jessie-security: released (3.16.36-1+deb8u1) [bugfix/all/aacraid-Check-size-values-after-double-fetch-from-us.patch]
 3.2-wheezy-security: released (3.2.81-2) [bugfix/all/aacraid-check-size-values-after-double-fetch-from-us.patch]

Modified: active/CVE-2016-6828
===================================================================
--- active/CVE-2016-6828	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-6828	2016-11-28 19:03:30 UTC (rev 4737)
@@ -5,8 +5,8 @@
 Notes:
 Bugs:
 upstream: released (4.8-rc5) [bb1fceca22492109be12640d49f5ea5a544c6bb4]
-3.16-upstream-stable: pending (3.16.39) [tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]
-3.2-upstream-stable: pending (3.2.84) [tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]
+3.16-upstream-stable: released (3.16.39) [tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]
+3.2-upstream-stable: released (3.2.84) [tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]
 sid: released (4.7.2-1) [bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]
 3.16-jessie-security: released (3.16.36-1+deb8u1) [bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]
 3.2-wheezy-security: released (3.2.81-2) [bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch]

Modified: active/CVE-2016-7042
===================================================================
--- active/CVE-2016-7042	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-7042	2016-11-28 19:03:30 UTC (rev 4737)
@@ -5,8 +5,8 @@
 Notes:
 Bugs:
 upstream: released (4.9-rc3) [03dab869b7b239c4e013ec82aea22e181e441cfc]
-3.16-upstream-stable: pending (3.16.39) [keys-fix-short-sprintf-buffer-in-proc-keys-show-function.patch]
-3.2-upstream-stable: pending (3.2.84) [keys-fix-short-sprintf-buffer-in-proc-keys-show-function.patch]
+3.16-upstream-stable: released (3.16.39) [keys-fix-short-sprintf-buffer-in-proc-keys-show-function.patch]
+3.2-upstream-stable: released (3.2.84) [keys-fix-short-sprintf-buffer-in-proc-keys-show-function.patch]
 sid: released (4.7.8-1) [bugfix/all/KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch]
 3.16-jessie-security: released (3.16.36-1+deb8u2) [bugfix/all/KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch]
 3.2-wheezy-security: released (3.2.82-1) [bugfix/all/keys-fix-short-sprintf-buffer-in-proc-keys-show-func.patch]

Modified: active/CVE-2016-7097
===================================================================
--- active/CVE-2016-7097	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-7097	2016-11-28 19:03:30 UTC (rev 4737)
@@ -6,8 +6,8 @@
 Notes:
 Bugs:
 upstream: released (4.9-rc1) [073931017b49d9458aa351605b43a7e34598caef]
-3.16-upstream-stable: pending (3.16.39) [posix_acl-clear-sgid-bit-when-setting-file-permissions.patch]
-3.2-upstream-stable: pending (3.2.84) [posix_acl-clear-sgid-bit-when-setting-file-permissions.patch]
+3.16-upstream-stable: released (3.16.39) [posix_acl-clear-sgid-bit-when-setting-file-permissions.patch]
+3.2-upstream-stable: released (3.2.84) [posix_acl-clear-sgid-bit-when-setting-file-permissions.patch]
 sid: released (4.7.8-1) [bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch]
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2016-7425
===================================================================
--- active/CVE-2016-7425	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-7425	2016-11-28 19:03:30 UTC (rev 4737)
@@ -5,8 +5,8 @@
 Notes:
 Bugs:
 upstream: released (4.9-rc1) [7bc2b55a5c030685b399bb65b6baa9ccc3d1f167]
-3.16-upstream-stable: pending (3.16.39) [scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch]
-3.2-upstream-stable: pending (3.2.84) [scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch]
+3.16-upstream-stable: released (3.16.39) [scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch]
+3.2-upstream-stable: released (3.2.84) [scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch]
 sid: released (4.7.8-1) [bugfix/all/scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xf.patch]
 3.16-jessie-security: released (3.16.36-1+deb8u2) [bugfix/all/scsi-arcmsr-Buffer-overflow-in-arcmsr_iop_message_xf.patch]
 3.2-wheezy-security: released (3.2.82-1) [bugfix/all/scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xf.patch]

Modified: active/CVE-2016-8633
===================================================================
--- active/CVE-2016-8633	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-8633	2016-11-28 19:03:30 UTC (rev 4737)
@@ -4,8 +4,8 @@
 Notes:
 Bugs:
 upstream: released (4.9-rc4) [667121ace9dbafb368618dbabcf07901c962ddac]
-3.16-upstream-stable: pending (3.16.39) [firewire-net-guard-against-rx-buffer-overflows.patch]
-3.2-upstream-stable: pending (3.2.84) [firewire-net-guard-against-rx-buffer-overflows.patch]
+3.16-upstream-stable: released (3.16.39) [firewire-net-guard-against-rx-buffer-overflows.patch]
+3.2-upstream-stable: released (3.2.84) [firewire-net-guard-against-rx-buffer-overflows.patch]
 sid: released (4.8.7-1)
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2016-8658
===================================================================
--- active/CVE-2016-8658	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-8658	2016-11-28 19:03:30 UTC (rev 4737)
@@ -8,7 +8,7 @@
  bwh> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 Bugs:
 upstream: released (v4.8-rc8) [ded89912156b1a47d940a0c954c43afbabd0c42c]
-3.16-upstream-stable: pending (3.16.39) [brcmfmac-avoid-potential-stack-overflow-in-brcmf_cfg80211_start_ap.patch]
+3.16-upstream-stable: released (3.16.39) [brcmfmac-avoid-potential-stack-overflow-in-brcmf_cfg80211_start_ap.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.7.5-1)
 3.16-jessie-security: needed
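
Review bot: Style point on the context line "upstream: released (v4.8-rc8)": it carries a "v" prefix, whereas every other upstream line touched by this revision uses the bare form (for example "4.8-rc2", "4.9-rc4"). Since this file is being edited anyway, normalise it to "4.8-rc8" so that scripts comparing the version field do not need a special case.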

Modified: active/CVE-2016-9083
===================================================================
--- active/CVE-2016-9083	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-9083	2016-11-28 19:03:30 UTC (rev 4737)
@@ -4,7 +4,7 @@
  https://patchwork.kernel.org/patch/9373631/
 Bugs:
 upstream: released (4.9-rc4) [05692d7005a364add85c6e25a6c4447ce08f913a]
-3.16-upstream-stable: pending (3.16.39) [vfio-pci-fix-integer-overflows-bitmask-check.patch]
+3.16-upstream-stable: released (3.16.39) [vfio-pci-fix-integer-overflows-bitmask-check.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: needed
 3.16-jessie-security: needed

Modified: active/CVE-2016-9084
===================================================================
--- active/CVE-2016-9084	2016-11-28 09:22:27 UTC (rev 4736)
+++ active/CVE-2016-9084	2016-11-28 19:03:30 UTC (rev 4737)
@@ -4,7 +4,7 @@
  https://patchwork.kernel.org/patch/9373631/
 Bugs:
 upstream: released (4.9-rc4) [05692d7005a364add85c6e25a6c4447ce08f913a]
-3.16-upstream-stable: pending (3.16.39) [vfio-pci-fix-integer-overflows-bitmask-check.patch]
+3.16-upstream-stable: released (3.16.39) [vfio-pci-fix-integer-overflows-bitmask-check.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: needed
 3.16-jessie-security: needed
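
Review bot: Documentation point for this hunk and the CVE-2016-9083 one above: both files record the same upstream commit (05692d7005a3...), the same patchwork link and the same vfio-pci-fix-integer-overflows-bitmask-check.patch, so every status change has to be made twice, as it is here. If the part of the files not shown in the hunks does not already say so, add a short note in each file pointing at the other CVE so later edits to the sid and 3.16-jessie-security lines stay in step.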



