[kernel-sec-discuss] r5450 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Aug 6 12:36:49 UTC 2017
Author: carnil
Date: 2017-08-06 12:36:49 +0000 (Sun, 06 Aug 2017)
New Revision: 5450
Modified:
active/CVE-2017-1000365
active/CVE-2017-10810
active/CVE-2017-10911
active/CVE-2017-11176
active/CVE-2017-7346
active/CVE-2017-7482
active/CVE-2017-7533
active/CVE-2017-7541
active/CVE-2017-7542
active/CVE-2017-9605
Log:
Track 4.9.30-2+deb9u3 already as released as commited to git and uploaded (DSA not yet released)
Modified: active/CVE-2017-1000365
===================================================================
--- active/CVE-2017-1000365 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-1000365 2017-08-06 12:36:49 UTC (rev 5450)
@@ -9,6 +9,6 @@
3.16-upstream-stable: released (3.16.46) [d7575b387f81c1a92e32c25dcb6a0e14458ae66c]
3.2-upstream-stable: released (3.2.91) [cea299eb189fca09c413432b807abd607385b3bc]
sid: released (4.11.11-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-10810
===================================================================
--- active/CVE-2017-10810 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-10810 2017-08-06 12:36:49 UTC (rev 5450)
@@ -7,6 +7,6 @@
3.16-upstream-stable: N/A "Vulnerable code not present"
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.11.11-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/drm-virtio-don-t-leak-bo-on-drm_gem_object_init-fail.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/drm-virtio-don-t-leak-bo-on-drm_gem_object_init-fail.patch]
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2017-10911
===================================================================
--- active/CVE-2017-10911 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-10911 2017-08-06 12:36:49 UTC (rev 5450)
@@ -8,6 +8,6 @@
3.16-upstream-stable: released (3.16.46) [d2cc7a18d6342a7025afd16aac6753ad02d788e5]
3.2-upstream-stable: released (3.2.91) [cc21fe1ff77acfab555df5577ea46fc89932f3b2]
sid: released (4.11.11-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-11176
===================================================================
--- active/CVE-2017-11176 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-11176 2017-08-06 12:36:49 UTC (rev 5450)
@@ -9,6 +9,6 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.11.11-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-7346
===================================================================
--- active/CVE-2017-7346 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-7346 2017-08-06 12:36:49 UTC (rev 5450)
@@ -13,6 +13,6 @@
3.16-upstream-stable: released (3.16.45) [7943d19453aa1a1acf93bdb2812e0bef970ec23c]
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.11.6-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2017-7482
===================================================================
--- active/CVE-2017-7482 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-7482 2017-08-06 12:36:49 UTC (rev 5450)
@@ -10,6 +10,6 @@
3.16-upstream-stable: released (3.16.45) [e3378be9d9cbe1f77ecfc03b4350991be58f3f82]
3.2-upstream-stable: released (3.2.90) [09c9faacebb3c1e279ec962cff3072995328ca29]
sid: released (4.11.11-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch]
3.2-wheezy-security: pending (3.2.90-1)
Modified: active/CVE-2017-7533
===================================================================
--- active/CVE-2017-7533 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-7533 2017-08-06 12:36:49 UTC (rev 5450)
@@ -12,6 +12,6 @@
3.16-upstream-stable: needed
3.2-upstream-stable: N/A "Vulnerable code introduced in (3.14-rc1) [7053aee26a3548ebaba046ae2e52396ccf56ac6c]"
sid: pending (4.12.3-1) [bugfix/all/dentry-name-snapshots.patch]
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/dentry-name-snapshots.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/dentry-name-snapshots.patch]
3.16-jessie-security: needed
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2017-7541
===================================================================
--- active/CVE-2017-7541 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-7541 2017-08-06 12:36:49 UTC (rev 5450)
@@ -9,6 +9,6 @@
3.16-upstream-stable: pending
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.12.3-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
Modified: active/CVE-2017-7542
===================================================================
--- active/CVE-2017-7542 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-7542 2017-08-06 12:36:49 UTC (rev 5450)
@@ -7,6 +7,6 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: pending (4.12.3-1) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-9605
===================================================================
--- active/CVE-2017-9605 2017-08-03 19:07:09 UTC (rev 5449)
+++ active/CVE-2017-9605 2017-08-06 12:36:49 UTC (rev 5450)
@@ -9,6 +9,6 @@
3.16-upstream-stable: released (3.16.46) [26823129d84c6ca3e12b17af7a8e78c579b3bca5]
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.11.6-1)
-4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list