[kernel-sec-discuss] r5194 - active
Ben Hutchings
benh at moszumanska.debian.org
Sat Apr 22 02:15:38 UTC 2017
Author: benh
Date: 2017-04-22 02:15:38 +0000 (Sat, 22 Apr 2017)
New Revision: 5194
Modified:
active/CVE-2016-9604
active/CVE-2017-7472
Log:
Mark issues pending for jessie
Modified: active/CVE-2016-9604
===================================================================
--- active/CVE-2016-9604 2017-04-22 01:27:56 UTC (rev 5193)
+++ active/CVE-2016-9604 2017-04-22 02:15:38 UTC (rev 5194)
@@ -1,11 +1,15 @@
Description: KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
References:
Notes:
+ bwh> A similar issue was fixed in 3.17 by commit a4e3b8d79a5c
+ bwh> "KEYS: special dot prefixed keyring name bug fix" (which wrongly
+ bwh> removed another check - fixed by commit 54e2c2c1a9d6
+ bwh> "KEYS: Reinstate EPERM for a key type name beginning with a '.'")
Bugs:
upstream: pending [ee8f844e3c5a73b999edf733df1c529d6503ec2f]
4.9-upstream-stable: needed
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: pending (4.9.24-1) [bugfix/all/keys-disallow-keyrings-beginning-with-.-to-be-joined.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/keys-disallow-keyrings-beginning-with-.-to-be-joined.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-7472
===================================================================
--- active/CVE-2017-7472 2017-04-22 01:27:56 UTC (rev 5193)
+++ active/CVE-2017-7472 2017-04-22 02:15:38 UTC (rev 5194)
@@ -12,5 +12,5 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: pending (4.9.24-1) [bugfix/all/keys-fix-keyctl_set_reqkey_keyring-to-not-leak-threa.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-1) [bugfix/all/keys-fix-keyctl_set_reqkey_keyring-to-not-leak-threa.patch]
3.2-wheezy-security: needed
More information about the kernel-sec-discuss
mailing list