[kernel-sec-discuss] r5807 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Dec 22 06:35:33 UTC 2017


Author: carnil
Date: 2017-12-22 06:35:33 +0000 (Fri, 22 Dec 2017)
New Revision: 5807

Modified:
   active/CVE-2017-16995
   active/CVE-2017-16996
Log:
Commits for CVE-2017-1699{5,6} pending upstream

Modified: active/CVE-2017-16995
===================================================================
--- active/CVE-2017-16995	2017-12-21 21:14:31 UTC (rev 5806)
+++ active/CVE-2017-16995	2017-12-22 06:35:33 UTC (rev 5807)
@@ -1,12 +1,11 @@
 Description: bpf: fix incorrect sign extension in check_alu_op()
 References:
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f
  http://www.openwall.com/lists/oss-security/2017/12/21/2
  https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c
 Notes:
  carnil> Intorduced in 4.9-rc1 with 484611357c19f9e19ef742ebef4505a07d243cc9
 Bugs:
-upstream: needed
+upstream: pending [95a762e2c8c942780948091f8f2a4f32fce1ac6f]
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code introduced in 4.9-rc1"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 4.9-rc1"
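Review bot: The removed References line was the only place that recorded the fix as living in davem/net.git, and the new `upstream: pending [95a762e2c8c942780948091f8f2a4f32fce1ac6f]` line carries the bare hash with no tree. While the status is "pending", that hash cannot be resolved against mainline, so consider keeping the net.git URL under References until the commit is merged, or naming the tree in a Notes entry. The untouched Notes line also still reads "Intorduced in 4.9-rc1"; correcting it to "Introduced" in the same revision would keep text searches across the tracker files consistent.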

Modified: active/CVE-2017-16996
===================================================================
--- active/CVE-2017-16996	2017-12-21 21:14:31 UTC (rev 5806)
+++ active/CVE-2017-16996	2017-12-22 06:35:33 UTC (rev 5807)
@@ -1,11 +1,10 @@
 Description: bpf: fix incorrect tracking of register size truncation
 References:
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0c17d1d2c61936401f4702e1846e2c19b200f958
  http://www.openwall.com/lists/oss-security/2017/12/21/2
 Notes:
  carnil> Introduced in 4.14-rc1 with b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2
 Bugs:
-upstream: needed
+upstream: pending [0c17d1d2c61936401f4702e1846e2c19b200f958]
 4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
 3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
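Review bot: Every stable status line visible in this hunk (4.9, 3.16, 3.2) is N/A because the code arrived in 4.14-rc1, so after this change the only actionable state shown is `upstream: pending`. If the rest of the file has no entry for a 4.14-based branch, nothing here tracks where 0c17d1d2c61936401f4702e1846e2c19b200f958 actually has to land once it leaves pending; a Notes line stating which 4.14-based trees need the fix would close that gap.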
