[kernel-sec-discuss] r5177 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Apr 19 18:04:45 UTC 2017 

Author: benh
Date: 2017-04-19 18:04:45 +0000 (Wed, 19 Apr 2017)
New Revision: 5177

Modified:
   active/CVE-2016-10044
   active/CVE-2016-10200
   active/CVE-2016-10208
   active/CVE-2016-6213
   active/CVE-2017-2596
   active/CVE-2017-5967
   active/CVE-2017-5970
   active/CVE-2017-6353
Log:
Mark issues pending for jessie via point release instead of security update

Modified: active/CVE-2016-10044
===================================================================
--- active/CVE-2016-10044	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2016-10044	2017-04-19 18:04:45 UTC (rev 5177)
@@ -18,5 +18,5 @@
 3.16-upstream-stable: released (3.16.43) [aio-mark-aio-pseudo-fs-noexec.patch]
 3.2-upstream-stable: ignored "changes required are too invasive"
 sid: released (4.7.8-1)
-3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch]
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch]
 3.2-wheezy-security: ignored "changes required are too invasive"

Modified: active/CVE-2016-10200
===================================================================
--- active/CVE-2016-10200	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2016-10200	2017-04-19 18:04:45 UTC (rev 5177)
@@ -7,5 +7,5 @@
 3.16-upstream-stable: released (3.16.40) [7c3ad0d86f80618c00a5d6a267080238185038f6]
 3.2-upstream-stable: released (3.2.88) [2147a17048314f069838aace1d08b8c719448b50]
 sid: released (4.8.15-1)
-3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
 3.2-wheezy-security: pending (3.2.86-2) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]

Modified: active/CVE-2016-10208
===================================================================
--- active/CVE-2016-10208	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2016-10208	2017-04-19 18:04:45 UTC (rev 5177)
@@ -12,5 +12,5 @@
 3.16-upstream-stable: released (3.16.41) [cde863587b6809fdf61ea3c5391ecf06884b5516]
 3.2-upstream-stable: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"
 sid: released (4.9.10-1)
-3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch]
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch]
 3.2-wheezy-security: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"

Modified: active/CVE-2016-6213
===================================================================
--- active/CVE-2016-6213	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2016-6213	2017-04-19 18:04:45 UTC (rev 5177)
@@ -11,5 +11,5 @@
 3.16-upstream-stable: released (3.16.41) [b71f455440fd7ed03f088580b3a117352fc815dd]
 3.2-upstream-stable: N/A "Unprivileged users cannot manipulate mounts"
 sid: released (4.8.11-1) [bugfix/all/mnt-Add-a-per-mount-namespace-limit-on-the-number-of.patch]
-3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/mnt-add-a-per-mount-namespace-limit-on-the-number-of.patch]
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/mnt-add-a-per-mount-namespace-limit-on-the-number-of.patch]
 3.2-wheezy-security: N/A "Unprivileged users cannot manipulate mounts"

Modified: active/CVE-2017-2596
===================================================================
--- active/CVE-2017-2596	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2017-2596	2017-04-19 18:04:45 UTC (rev 5177)
@@ -11,5 +11,5 @@
 3.16-upstream-stable: released (3.16.42) [591fc80b6369a886a1d21cacf11f91b455781df3]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.9.13-1) [bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch]
-3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch]
+3.16-jessie-security: released (3.16.43-1) [bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-5967
===================================================================
--- active/CVE-2017-5967	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2017-5967	2017-04-19 18:04:45 UTC (rev 5177)
@@ -13,5 +13,5 @@
 3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting"
 3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
 sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
-3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
 3.2-wheezy-security: pending (3.2.86-2) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]

Modified: active/CVE-2017-5970
===================================================================
--- active/CVE-2017-5970	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2017-5970	2017-04-19 18:04:45 UTC (rev 5177)
@@ -11,5 +11,5 @@
 3.16-upstream-stable: released (3.16.41) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
 3.2-upstream-stable: released (3.2.88) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
 sid: released (4.9.10-1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch]
-3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
+3.16-jessie-security: released (3.16.43-1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-6353
===================================================================
--- active/CVE-2017-6353	2017-04-19 18:03:15 UTC (rev 5176)
+++ active/CVE-2017-6353	2017-04-19 18:04:45 UTC (rev 5177)
@@ -13,5 +13,5 @@
 3.16-upstream-stable: released (3.16.42) [sctp-deny-peeloff-operation-on-asocs-with-threads-sleeping-on-it.patch]
 3.2-upstream-stable: released (3.2.87) [sctp-deny-peeloff-operation-on-asocs-with-threads-sleeping-on-it.patch]
 sid: released (4.9.13-1) [bugfix/all/sctp-deny-peeloff-operation-on-asocs-with-threads-sl.patch]
-3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/sctp-deny-peeloff-operation-on-asocs-with-threads-sl.patch]
+3.16-jessie-security: released (3.16.43-1) [bugfix/all/sctp-deny-peeloff-operation-on-asocs-with-threads-sl.patch]
 3.2-wheezy-security: released (3.2.86-1) [bugfix/all/sctp-deny-peeloff-operation-on-asocs-with-threads-sleeping-on-it.patch]

More information about the kernel-sec-discuss mailing list