[kernel-sec-discuss] r5837 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Dec 24 15:04:55 UTC 2017 

Author: benh
Date: 2017-12-24 15:04:55 +0000 (Sun, 24 Dec 2017)
New Revision: 5837

Modified:
   active/CVE-2017-17863
   active/CVE-2017-17864
Log:
Fill in status of BPF verifier issues in more branches

Modified: active/CVE-2017-17863
===================================================================
--- active/CVE-2017-17863	2017-12-24 12:33:32 UTC (rev 5836)
+++ active/CVE-2017-17863	2017-12-24 15:04:55 UTC (rev 5837)
@@ -8,11 +8,11 @@
  carnil> for the v4.9 stable tree because the mainline code looks very
  carnil> different at this point."
 Bugs:
-upstream:
-4.9-upstream-stable: needed
+upstream: released (4.15-rc5) [bb7f0f989ca7de1153bd128a40a71709e339fa03]
+4.9-upstream-stable: pending (4.9.72) [bpf-reject-out-of-bounds-stack-pointer-calculation.patch]
 3.16-upstream-stable: N/A "Vulnerable code introduced later"
 3.2-upstream-stable: N/A "Vulnerable code introduced later"
-sid:
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-integer-overflows.patch]
 4.9-stretch-security: released (4.9.65-3+deb9u1) [bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch]
 3.16-jessie-security: N/A "Vulnerable code introduced later"
 3.2-wheezy-security: N/A "Vulnerable code introduced later"

Modified: active/CVE-2017-17864
===================================================================
--- active/CVE-2017-17864	2017-12-24 12:33:32 UTC (rev 5836)
+++ active/CVE-2017-17864	2017-12-24 15:04:55 UTC (rev 5837)
@@ -9,12 +9,15 @@
  carnil> how was it fixed? Which upstream commit?
  carnil> So needs to be checked if 179d1c5602997fef5a940c6ddcf31212cbfebd14
  carnil> fixed that problem.
+ bwh> I know that the test case was fixed upstream and in sid by the recent
+ bwh> series of fixes, so have marked this as released even though I'm not
+ bwh> absolutely certain that this is the specific commit that fixed it.
 Bugs:
-upstream:
+upstream: released (4.15-rc5) [179d1c5602997fef5a940c6ddcf31212cbfebd14]
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code introduced later"
 3.2-upstream-stable: N/A "Vulnerable code introduced later"
-sid:
+sid: released (4.14.7-1) [bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch]
 4.9-stretch-security: released (4.9.65-3+deb9u1) [bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch]
 3.16-jessie-security: N/A "Vulnerable code introduced later"
 3.2-wheezy-security: N/A "Vulnerable code introduced later"

More information about the kernel-sec-discuss mailing list