[kernel-sec-discuss] r5478 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Aug 16 04:35:35 UTC 2017


Author: carnil
Date: 2017-08-16 04:35:35 +0000 (Wed, 16 Aug 2017)
New Revision: 5478

Modified:
   active/CVE-2014-9940
   active/CVE-2017-1000363
   active/CVE-2017-1000365
   active/CVE-2017-10911
   active/CVE-2017-11176
   active/CVE-2017-7346
   active/CVE-2017-7482
   active/CVE-2017-7533
   active/CVE-2017-7541
   active/CVE-2017-7542
   active/CVE-2017-7889
   active/CVE-2017-9605
Log:
Mark 3.16.43-2+deb8u3 as released since tagged in git

Modified: active/CVE-2014-9940
===================================================================
--- active/CVE-2014-9940	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2014-9940	2017-08-16 04:35:35 UTC (rev 5478)
@@ -11,5 +11,5 @@
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.0.2-1)
 4.9-stretch-security: N/A "Fixed before branching point"
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/regulator-core-Fix-regualtor_ena_gpio_free-not-to-ac.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/regulator-core-Fix-regualtor_ena_gpio_free-not-to-ac.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-1000363
===================================================================
--- active/CVE-2017-1000363	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-1000363	2017-08-16 04:35:35 UTC (rev 5478)
@@ -8,5 +8,5 @@
 3.2-upstream-stable: released (3.2.91) [550845d02afb926d50d1487f9e2b954270c83963]
 sid: released (4.9.30-1)
 4.9-stretch-security: N/A "Fixed before branching point"
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/char-lp-fix-possible-integer-overflow-in-lp_setup.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/char-lp-fix-possible-integer-overflow-in-lp_setup.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-1000365
===================================================================
--- active/CVE-2017-1000365	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-1000365	2017-08-16 04:35:35 UTC (rev 5478)
@@ -10,5 +10,5 @@
 3.2-upstream-stable: released (3.2.91) [cea299eb189fca09c413432b807abd607385b3bc]
 sid: released (4.11.11-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-10911
===================================================================
--- active/CVE-2017-10911	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-10911	2017-08-16 04:35:35 UTC (rev 5478)
@@ -9,5 +9,5 @@
 3.2-upstream-stable: released (3.2.91) [cc21fe1ff77acfab555df5577ea46fc89932f3b2]
 sid: released (4.11.11-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-11176
===================================================================
--- active/CVE-2017-11176	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-11176	2017-08-16 04:35:35 UTC (rev 5478)
@@ -10,5 +10,5 @@
 3.2-upstream-stable: needed
 sid: released (4.11.11-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-7346
===================================================================
--- active/CVE-2017-7346	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-7346	2017-08-16 04:35:35 UTC (rev 5478)
@@ -14,5 +14,5 @@
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.11.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-7482
===================================================================
--- active/CVE-2017-7482	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-7482	2017-08-16 04:35:35 UTC (rev 5478)
@@ -11,5 +11,5 @@
 3.2-upstream-stable: released (3.2.90) [09c9faacebb3c1e279ec962cff3072995328ca29]
 sid: released (4.11.11-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch]
 3.2-wheezy-security: pending (3.2.90-1)

Modified: active/CVE-2017-7533
===================================================================
--- active/CVE-2017-7533	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-7533	2017-08-16 04:35:35 UTC (rev 5478)
@@ -14,5 +14,5 @@
 3.2-upstream-stable: N/A "Vulnerable code introduced in (3.14-rc1) [7053aee26a3548ebaba046ae2e52396ccf56ac6c]"
 sid: released (4.12.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/dentry-name-snapshots.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/dentry-name-snapshots.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/dentry-name-snapshots.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-7541
===================================================================
--- active/CVE-2017-7541	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-7541	2017-08-16 04:35:35 UTC (rev 5478)
@@ -10,5 +10,5 @@
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.12.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-7542
===================================================================
--- active/CVE-2017-7542	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-7542	2017-08-16 04:35:35 UTC (rev 5478)
@@ -8,5 +8,5 @@
 3.2-upstream-stable: needed
 sid: released (4.12.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-7889
===================================================================
--- active/CVE-2017-7889	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-7889	2017-08-16 04:35:35 UTC (rev 5478)
@@ -13,5 +13,5 @@
 3.2-upstream-stable: released (3.2.91) [b8f254aa17f720053054c4ecff3920973a83b9d6]
 sid: released (4.9.25-1)
 4.9-stretch-security: N/A "Fixed before branching point"
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/mm-Tighten-x86-dev-mem-with-zeroing-reads.patch b/debian/patches/bugfix/x86/mm-Tighten-x86-dev-mem-with-zeroing-reads.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/x86/mm-Tighten-x86-dev-mem-with-zeroing-reads.patch b/debian/patches/bugfix/x86/mm-Tighten-x86-dev-mem-with-zeroing-reads.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-9605
===================================================================
--- active/CVE-2017-9605	2017-08-15 12:19:52 UTC (rev 5477)
+++ active/CVE-2017-9605	2017-08-16 04:35:35 UTC (rev 5478)
@@ -10,5 +10,5 @@
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.11.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
-3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
 3.2-wheezy-security: N/A "Vulnerable code not present"




More information about the kernel-sec-discuss mailing list