[kernel-sec-discuss] r4747 - active
Ben Hutchings
benh at moszumanska.debian.org
Wed Nov 30 02:13:59 UTC 2016
Author: benh
Date: 2016-11-30 02:13:59 +0000 (Wed, 30 Nov 2016)
New Revision: 4747
Modified:
active/CVE-2015-8962
active/CVE-2015-8963
active/CVE-2015-8964
active/CVE-2016-8645
active/CVE-2016-9555
Log:
Fill in description and status of various issues
Modified: active/CVE-2015-8962
===================================================================
--- active/CVE-2015-8962 2016-11-29 19:32:08 UTC (rev 4746)
+++ active/CVE-2015-8962 2016-11-30 02:13:59 UTC (rev 4747)
@@ -1,10 +1,10 @@
-Description:
+Description: Double-free in sg driver after hot-unplug during I/O
References:
Notes:
Bugs:
upstream: released (v4.4-rc1) [f3951a3709ff50990bf3e188c27d346792103432]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: released (4.4.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
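Review bot: the unchanged upstream line writes the version as v4.4-rc1, while the other issue files touched in this revision use the bare form (4.4, 4.5-rc1, 4.9-rc6); dropping the v would keep the field written one way throughout. References: is also still empty after the description was filled in, so a pointer to the upstream commit or an advisory would help whoever picks up the four backports now marked needed.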
Modified: active/CVE-2015-8963
===================================================================
--- active/CVE-2015-8963 2016-11-29 19:32:08 UTC (rev 4746)
+++ active/CVE-2015-8963 2016-11-30 02:13:59 UTC (rev 4747)
@@ -1,10 +1,10 @@
-Description:
+Description: Use-after-free in perf subsystem after CPU hot-unplug
References:
Notes:
Bugs:
upstream: released (4.4) [12ca6ad2e3a896256f086497a7c7406a547ee373]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: released (4.4.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
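Review bot: all four branch lines move to needed while Notes: stays empty, so the file does not record how the 3.2 and 3.16 branches were judged affected. A one-line note stating that the perf code fixed by 12ca6ad2e3a8 is present in both branches would save the backporter from repeating that check.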
Modified: active/CVE-2015-8964
===================================================================
--- active/CVE-2015-8964 2016-11-29 19:32:08 UTC (rev 4746)
+++ active/CVE-2015-8964 2016-11-30 02:13:59 UTC (rev 4747)
@@ -1,10 +1,18 @@
-Description:
+Description: Potential information leak or use-after-free in tty subsystem
References:
+ https://source.android.com/security/bulletin/2016-11-01.html
Notes:
+ bwh> A known use-after-free bug in N_X25 has already been fixed
+ bwh> (commit ee9159ddce14, no CVE assigned). The Android security
+ bwh> bulletin says this fixes an information leak, presumably because
+ bwh> if receive_room is too large it will permit reading beyond a
+ bwh> buffer. We also need commit fd98e9419d8d ("isdn/gigaset: reset
+ bwh> tty->receive_room when attaching ser_gigaset") to avoid a
+ bwh> regression.
Bugs:
upstream: released (4.5-rc1) [dd42bf1197144ede075a9d4793123f7689e164bc]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: released (4.5.1-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
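Review bot: the dependency on fd98e9419d8d exists only in the free-text Notes, while the upstream field and the four needed lines name just dd42bf119714. Someone working from the status lines alone could backport the fix without the gigaset follow-up and introduce the regression the note warns about; consider listing both commits in the bracketed upstream field, or repeating the requirement next to each needed entry. The two commits in the note are also abbreviated to 12 characters while the upstream field uses the full hash, so writing them out in full would make them easier to search for.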
Modified: active/CVE-2016-8645
===================================================================
--- active/CVE-2016-8645 2016-11-29 19:32:08 UTC (rev 4746)
+++ active/CVE-2016-8645 2016-11-30 02:13:59 UTC (rev 4747)
@@ -13,8 +13,8 @@
Notes:
Bugs:
upstream: released (4.9-rc6) [ac6e780070e30e4c35bd395acfe9191e6268bdd3]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.8.11-1) [2b5f22e4f7fd208c8d392e5c3755cea1f562cb98]
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
Modified: active/CVE-2016-9555
===================================================================
--- active/CVE-2016-9555 2016-11-29 19:32:08 UTC (rev 4746)
+++ active/CVE-2016-9555 2016-11-30 02:13:59 UTC (rev 4747)
@@ -3,8 +3,8 @@
Notes:
Bugs:
upstream: released (4.9-rc4) [bf911e985d6bbaa328c20c3e05f4eb03de11fdd6]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.8.11-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
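Review bot: the sid line reads pending (4.8.11-1) with no commit id, whereas active/CVE-2016-8645 in this same revision records a bracketed hash for the same pending version. Adding the packaging commit here would make it possible to confirm that the fix is actually queued for 4.8.11-1.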