[kernel-sec-discuss] r5488 - active

Ben Hutchings benh at moszumanska.debian.org
Fri Aug 18 01:36:08 UTC 2017 

Author: benh
Date: 2017-08-18 01:36:08 +0000 (Fri, 18 Aug 2017)
New Revision: 5488

Modified:
   active/CVE-2017-1000111
   active/CVE-2017-1000112
   active/CVE-2017-10661
   active/CVE-2017-11176
   active/CVE-2017-7533
   active/CVE-2017-7542
Log:
Mark issues pending for 3.2-stable and 3.16-stable

Modified: active/CVE-2017-1000111
===================================================================
--- active/CVE-2017-1000111	2017-08-18 00:00:57 UTC (rev 5487)
+++ active/CVE-2017-1000111	2017-08-18 01:36:08 UTC (rev 5488)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (4.13-rc5) [c27927e372f0785f3303e8fad94b85945e2c97b7]
 4.9-upstream-stable: released (4.9.43) [e5841355061332f8b326e098949490345dba776b]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.47) [packet-fix-tp_reserve-race-in-packet_set_ring.patch]
+3.2-upstream-stable: pending (3.2.92) [packet-fix-tp_reserve-race-in-packet_set_ring.patch]
 sid: released (4.12.6-1) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]

Modified: active/CVE-2017-1000112
===================================================================
--- active/CVE-2017-1000112	2017-08-18 00:00:57 UTC (rev 5487)
+++ active/CVE-2017-1000112	2017-08-18 01:36:08 UTC (rev 5488)
@@ -10,7 +10,7 @@
 Bugs:
 upstream: released (4.13-rc5) [85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa]
 4.9-upstream-stable: released (4.9.43) [33dc6a6a85f1d6ce71e7056d009b8a5fcbf10f70]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.47) [udp-consistently-apply-ufo-or-fragmentation.patch]
 3.2-upstream-stable: needed
 sid: released (4.12.6-1) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]

Modified: active/CVE-2017-10661
===================================================================
--- active/CVE-2017-10661	2017-08-18 00:00:57 UTC (rev 5487)
+++ active/CVE-2017-10661	2017-08-18 01:36:08 UTC (rev 5488)
@@ -7,8 +7,8 @@
 Bugs:
 upstream: released (4.11-rc1) [1e38da300e1e395a15048b0af1e5305bd91402f6]
 4.9-upstream-stable: released (4.9.27) [00cca9768ebe1ac4ac16366662dd9087b6e5f4e7]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.47) [timerfd-protect-the-might-cancel-mechanism-proper.patch]
+3.2-upstream-stable: pending (3.2.92) [timerfd-protect-the-might-cancel-mechanism-proper.patch]
 sid: released (4.9.30-1)
 4.9-stretch-security: N/A "Fixed before initial release of stretch"
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/timerfd-protect-the-might-cancel-mechanism-proper.patch]

Modified: active/CVE-2017-11176
===================================================================
--- active/CVE-2017-11176	2017-08-18 00:00:57 UTC (rev 5487)
+++ active/CVE-2017-11176	2017-08-18 01:36:08 UTC (rev 5488)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (4.13-rc1) [f991af3daabaecff34684fd51fac80319d1baad1]
 4.9-upstream-stable: released (4.9.38) [e6952841ade0f937750c7748a812cb403bd744b0]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.47) [mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
+3.2-upstream-stable: pending (3.2.92) [mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
 sid: released (4.11.11-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]

Modified: active/CVE-2017-7533
===================================================================
--- active/CVE-2017-7533	2017-08-18 00:00:57 UTC (rev 5487)
+++ active/CVE-2017-7533	2017-08-18 01:36:08 UTC (rev 5488)
@@ -10,7 +10,7 @@
  https://bugzilla.kernel.org/show_bug.cgi?id=196279
 upstream: released (4.13-rc1) [49d31c2f389acfe83417083e1208422b4091cd9e]
 4.9-upstream-stable: released (4.9.41) [ad25f11ed216d5ce3b5566b2f187b59fa3061b40]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.47) [dentry-name-snapshots.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced in (3.14-rc1) [7053aee26a3548ebaba046ae2e52396ccf56ac6c]"
 sid: released (4.12.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/dentry-name-snapshots.patch]

Modified: active/CVE-2017-7542
===================================================================
--- active/CVE-2017-7542	2017-08-18 00:00:57 UTC (rev 5487)
+++ active/CVE-2017-7542	2017-08-18 01:36:08 UTC (rev 5488)
@@ -4,8 +4,8 @@
 Bugs:
 upstream: released (4.13-rc2) [6399f1fae4ec29fab5ec76070435555e256ca3a6]
 4.9-upstream-stable: released (4.9.42) [4a2ffe1707e3787f93a7d0ff2dec682a57ba25ad]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.47) [ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
+3.2-upstream-stable: pending (3.2.92) [ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
 sid: released (4.12.6-1)
 4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]

More information about the kernel-sec-discuss mailing list