[kernel-sec-discuss] r5798 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Dec 20 19:28:27 UTC 2017 

Author: benh
Date: 2017-12-20 19:28:27 +0000 (Wed, 20 Dec 2017)
New Revision: 5798

Modified:
   active/CVE-2017-1000410
   active/CVE-2017-16538
   active/CVE-2017-16644
   active/CVE-2017-17448
   active/CVE-2017-17449
   active/CVE-2017-17450
   active/CVE-2017-17558
   active/CVE-2017-17712
   active/CVE-2017-17741
   active/CVE-2017-8824
Log:
Mark issues pending for sid

Modified: active/CVE-2017-1000410
===================================================================
--- active/CVE-2017-1000410	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-1000410	2017-12-20 19:28:27 UTC (rev 5798)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16538
===================================================================
--- active/CVE-2017-16538	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-16538	2017-12-20 19:28:27 UTC (rev 5798)
@@ -10,7 +10,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch, bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16644
===================================================================
--- active/CVE-2017-16644	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-16644	2017-12-20 19:28:27 UTC (rev 5798)
@@ -13,7 +13,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code not present"
 3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-17448
===================================================================
--- active/CVE-2017-17448	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-17448	2017-12-20 19:28:27 UTC (rev 5798)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: pending (3.16.52) [netfilter-nfnetlink_cthelper-add-missing-permission-checks.patch]
 3.2-upstream-stable: N/A "User namespaces not supported"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: N/A "User namespaces not supported"

Modified: active/CVE-2017-17449
===================================================================
--- active/CVE-2017-17449	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-17449	2017-12-20 19:28:27 UTC (rev 5798)
@@ -12,7 +12,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: pending (3.16.52) [netlink-add-netns-check-on-taps.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/netlink-add-netns-check-on-taps.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-17450
===================================================================
--- active/CVE-2017-17450	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-17450	2017-12-20 19:28:27 UTC (rev 5798)
@@ -7,7 +7,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: pending (3.16.52) [netfilter-xt_osf-add-missing-permission-checks.patch]
 3.2-upstream-stable: N/A "User namespaces not supported"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: N/A "User namespaces not supported"

Modified: active/CVE-2017-17558
===================================================================
--- active/CVE-2017-17558	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-17558	2017-12-20 19:28:27 UTC (rev 5798)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: released (4.9.71) [99542e468b76ae180675566692e0528c4c712661]
 3.16-upstream-stable: pending (3.16.52) [usb-core-prevent-malicious-bnuminterfaces-overflow.patch]
 3.2-upstream-stable: pending (3.2.97) [usb-core-prevent-malicious-bnuminterfaces-overflow.patch]
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/usb-core-prevent-malicious-bnuminterfaces-overflow.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2017-17712
===================================================================
--- active/CVE-2017-17712	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-17712	2017-12-20 19:28:27 UTC (rev 5798)
@@ -6,7 +6,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code introduced in 3.19-rc1 with c008ba5bdc9fa830e1a349b20b0be5a137bdef7a"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.19-rc1 with c008ba5bdc9fa830e1a349b20b0be5a137bdef7a"
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-17741
===================================================================
--- active/CVE-2017-17741	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-17741	2017-12-20 19:28:27 UTC (rev 5798)
@@ -11,7 +11,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2017-8824
===================================================================
--- active/CVE-2017-8824	2017-12-20 19:25:53 UTC (rev 5797)
+++ active/CVE-2017-8824	2017-12-20 19:28:27 UTC (rev 5798)
@@ -8,7 +8,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: pending (3.16.52) [dccp-cve-2017-8824-use-after-free-in-dccp-code.patch]
 3.2-upstream-stable: pending (3.2.97) [dccp-cve-2017-8824-use-after-free-in-dccp-code.patch]
-sid: needed
+sid: pending (4.14.7-1) [bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed
 3.2-wheezy-security: released (3.2.96-1) [bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch]

More information about the kernel-sec-discuss mailing list