[kernel-sec-discuss] r5445 - active retired
Ben Hutchings
benh at moszumanska.debian.org
Tue Aug 1 00:58:38 UTC 2017
Author: benh
Date: 2017-08-01 00:58:38 +0000 (Tue, 01 Aug 2017)
New Revision: 5445
Added:
retired/CVE-2015-8952
retired/CVE-2017-11472
retired/CVE-2017-11473
retired/CVE-2017-9984
retired/CVE-2017-9985
Removed:
active/CVE-2015-8952
active/CVE-2017-11472
active/CVE-2017-11473
active/CVE-2017-9984
active/CVE-2017-9985
Log:
Retire issues that are released, ignored or N/A on all branches
Deleted: active/CVE-2015-8952
===================================================================
--- active/CVE-2015-8952 2017-08-01 00:55:16 UTC (rev 5444)
+++ active/CVE-2015-8952 2017-08-01 00:58:38 UTC (rev 5445)
@@ -1,23 +0,0 @@
-Description:
-References:
- https://lwn.net/Articles/668718/
- https://bugzilla.redhat.com/show_bug.cgi?id=1360968
- https://bugzilla.kernel.org/show_bug.cgi?id=107301
-Notes:
- bwh> The upstream fix (rewrite of mbcache) is too intrusive to backport.
- bwh> We will mitigate this with cond_resched() as suggested in comment 1
- bwh> on the bz.k.o bug report. I didn't want to add the no_mbcache mount
- bwh> option as in comment 12 because it's a uAPI extension, but it has
- bwh> now been added upstream (commit cdb7ee4c6327) so I think it would be
- bwh> reasonable to add it to supported stable releases.
- bwh> The problem seems to have been introduced (or exacerbated) by commit
- bwh> 1f3e55fe02d1 in 3.15, which added a retry loop in mb_cache_entry_alloc().
-Bugs:
-upstream: released (4.6-rc1) [f9a61eb4e2471c56a63cd804c7474128138c38ac, 82939d7999dfc1f1998c4b1c12e2f19edbdff272, be0726d33cb8f411945884664924bed3cb8c70ee]
-4.9-upstream-stable: N/A "Fixed before branch point"
-3.16-upstream-stable: ignored "Too intrusive to backport"
-3.2-upstream-stable: ignored "Too intrusive to backport, and seems to be minor issue"
-sid: released (4.6.1-1)
-4.9-stretch-security: N/A "Fixed before branching point"
-3.16-jessie-security: ignored "Too intrusive to backport, but will be mitigated"
-3.2-wheezy-security: ignored "Too intrusive to backport, and seems to be minor issue"
Deleted: active/CVE-2017-11472
===================================================================
--- active/CVE-2017-11472 2017-08-01 00:55:16 UTC (rev 5444)
+++ active/CVE-2017-11472 2017-08-01 00:58:38 UTC (rev 5445)
@@ -1,16 +0,0 @@
-Description: ACPICA: Namespace: fix operand cache leak
-References:
-Notes:
- bwh> This is not a valid issue as ACPI tables are trusted. The issue of
- bwh> kASLR being broken through stack traces is mitigated by commit
- bwh> bb5e5ce545f2 "x86/dumpstack: Remove kernel text addresses from stack
- bwh> dump".) and by the dmesg_restrict feature.
-Bugs:
-upstream: released (4.12-rc1) [3b2d69114fefa474fca542e51119036dceb4aa6f]
-4.9-upstream-stable: ignored
-3.16-upstream-stable: ignored
-3.2-upstream-stable: ignored
-sid: ignored
-4.9-stretch-security: ignored
-3.16-jessie-security: ignored
-3.2-wheezy-security: ignored
Deleted: active/CVE-2017-11473
===================================================================
--- active/CVE-2017-11473 2017-08-01 00:55:16 UTC (rev 5444)
+++ active/CVE-2017-11473 2017-08-01 00:58:38 UTC (rev 5445)
@@ -1,14 +0,0 @@
-Description: x86/acpi: Prevent out of bound access caused by broken ACPI tables
-References:
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
-Notes:
- bwh> This is not a valid issue as ACPI tables are trusted.
-Bugs:
-upstream: released (4.13-rc2) [dad5ab0db8deac535d03e3fe3d8f2892173fa6a4]
-4.9-upstream-stable: released (4.9.40) [036d59f40ac94964a1bbc8959f78f34efac71fd5]
-3.16-upstream-stable: ignored
-3.2-upstream-stable: ignored
-sid: ignored
-4.9-stretch-security: ignored
-3.16-jessie-security: ignored
-3.2-wheezy-security: ignored
Deleted: active/CVE-2017-9984
===================================================================
--- active/CVE-2017-9984 2017-08-01 00:55:16 UTC (rev 5444)
+++ active/CVE-2017-9984 2017-08-01 00:58:38 UTC (rev 5445)
@@ -1,14 +0,0 @@
-Description: Double fetch problem in sound/isa/msnd/msnd_pinnacle.c
-References:
-Notes:
- bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
-Bugs:
- https://bugzilla.kernel.org/show_bug.cgi?id=196131
-upstream: released (4.13-rc1) [20e2b791796bd68816fa115f12be5320de2b8021]
-4.9-upstream-stable: ignored "Minor issue"
-3.16-upstream-stable: ignored "Minor issue"
-3.2-upstream-stable: ignored "Minor issue"
-sid: ignored "Minor issue"
-4.9-stretch-security: ignored "Minor issue"
-3.16-jessie-security: ignored "Minor issue"
-3.2-wheezy-security: ignored "Minor issue"
Deleted: active/CVE-2017-9985
===================================================================
--- active/CVE-2017-9985 2017-08-01 00:55:16 UTC (rev 5444)
+++ active/CVE-2017-9985 2017-08-01 00:58:38 UTC (rev 5445)
@@ -1,14 +0,0 @@
-Description: Double fetch problem in sound/isa/msnd/msnd_midi.c
-References:
-Notes:
- bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
-Bugs:
- https://bugzilla.kernel.org/show_bug.cgi?id=196133
-upstream: released (4.13-rc1) [20e2b791796bd68816fa115f12be5320de2b8021]
-4.9-upstream-stable: ignored "Minor issue"
-3.16-upstream-stable: ignored "Minor issue"
-3.2-upstream-stable: ignored "Minor issue"
-sid: ignored "Minor issue"
-4.9-stretch-security: ignored "Minor issue"
-3.16-jessie-security: ignored "Minor issue"
-3.2-wheezy-security: ignored "Minor issue"
Copied: retired/CVE-2015-8952 (from rev 5444, active/CVE-2015-8952)
===================================================================
--- retired/CVE-2015-8952 (rev 0)
+++ retired/CVE-2015-8952 2017-08-01 00:58:38 UTC (rev 5445)
@@ -0,0 +1,23 @@
+Description:
+References:
+ https://lwn.net/Articles/668718/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1360968
+ https://bugzilla.kernel.org/show_bug.cgi?id=107301
+Notes:
+ bwh> The upstream fix (rewrite of mbcache) is too intrusive to backport.
+ bwh> We will mitigate this with cond_resched() as suggested in comment 1
+ bwh> on the bz.k.o bug report. I didn't want to add the no_mbcache mount
+ bwh> option as in comment 12 because it's a uAPI extension, but it has
+ bwh> now been added upstream (commit cdb7ee4c6327) so I think it would be
+ bwh> reasonable to add it to supported stable releases.
+ bwh> The problem seems to have been introduced (or exacerbated) by commit
+ bwh> 1f3e55fe02d1 in 3.15, which added a retry loop in mb_cache_entry_alloc().
+Bugs:
+upstream: released (4.6-rc1) [f9a61eb4e2471c56a63cd804c7474128138c38ac, 82939d7999dfc1f1998c4b1c12e2f19edbdff272, be0726d33cb8f411945884664924bed3cb8c70ee]
+4.9-upstream-stable: N/A "Fixed before branch point"
+3.16-upstream-stable: ignored "Too intrusive to backport"
+3.2-upstream-stable: ignored "Too intrusive to backport, and seems to be minor issue"
+sid: released (4.6.1-1)
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: ignored "Too intrusive to backport, but will be mitigated"
+3.2-wheezy-security: ignored "Too intrusive to backport, and seems to be minor issue"
Copied: retired/CVE-2017-11472 (from rev 5444, active/CVE-2017-11472)
===================================================================
--- retired/CVE-2017-11472 (rev 0)
+++ retired/CVE-2017-11472 2017-08-01 00:58:38 UTC (rev 5445)
@@ -0,0 +1,16 @@
+Description: ACPICA: Namespace: fix operand cache leak
+References:
+Notes:
+ bwh> This is not a valid issue as ACPI tables are trusted. The issue of
+ bwh> kASLR being broken through stack traces is mitigated by commit
+ bwh> bb5e5ce545f2 "x86/dumpstack: Remove kernel text addresses from stack
+ bwh> dump".) and by the dmesg_restrict feature.
+Bugs:
+upstream: released (4.12-rc1) [3b2d69114fefa474fca542e51119036dceb4aa6f]
+4.9-upstream-stable: ignored
+3.16-upstream-stable: ignored
+3.2-upstream-stable: ignored
+sid: ignored
+4.9-stretch-security: ignored
+3.16-jessie-security: ignored
+3.2-wheezy-security: ignored
Copied: retired/CVE-2017-11473 (from rev 5444, active/CVE-2017-11473)
===================================================================
--- retired/CVE-2017-11473 (rev 0)
+++ retired/CVE-2017-11473 2017-08-01 00:58:38 UTC (rev 5445)
@@ -0,0 +1,14 @@
+Description: x86/acpi: Prevent out of bound access caused by broken ACPI tables
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
+Notes:
+ bwh> This is not a valid issue as ACPI tables are trusted.
+Bugs:
+upstream: released (4.13-rc2) [dad5ab0db8deac535d03e3fe3d8f2892173fa6a4]
+4.9-upstream-stable: released (4.9.40) [036d59f40ac94964a1bbc8959f78f34efac71fd5]
+3.16-upstream-stable: ignored
+3.2-upstream-stable: ignored
+sid: ignored
+4.9-stretch-security: ignored
+3.16-jessie-security: ignored
+3.2-wheezy-security: ignored
Copied: retired/CVE-2017-9984 (from rev 5444, active/CVE-2017-9984)
===================================================================
--- retired/CVE-2017-9984 (rev 0)
+++ retired/CVE-2017-9984 2017-08-01 00:58:38 UTC (rev 5445)
@@ -0,0 +1,14 @@
+Description: Double fetch problem in sound/isa/msnd/msnd_pinnacle.c
+References:
+Notes:
+ bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=196131
+upstream: released (4.13-rc1) [20e2b791796bd68816fa115f12be5320de2b8021]
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
Copied: retired/CVE-2017-9985 (from rev 5444, active/CVE-2017-9985)
===================================================================
--- retired/CVE-2017-9985 (rev 0)
+++ retired/CVE-2017-9985 2017-08-01 00:58:38 UTC (rev 5445)
@@ -0,0 +1,14 @@
+Description: Double fetch problem in sound/isa/msnd/msnd_midi.c
+References:
+Notes:
+ bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=196133
+upstream: released (4.13-rc1) [20e2b791796bd68816fa115f12be5320de2b8021]
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
More information about the kernel-sec-discuss
mailing list