[kernel-sec-discuss] r5838 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Dec 25 18:35:50 UTC 2017


Author: carnil
Date: 2017-12-25 18:35:49 +0000 (Mon, 25 Dec 2017)
New Revision: 5838

Modified:
   active/CVE-2017-16995
   active/CVE-2017-17862
   active/CVE-2017-17863
Log:
Update CVEs fixed in 4.9.72 for 4.9-upstream-stable

Modified: active/CVE-2017-16995
===================================================================
--- active/CVE-2017-16995	2017-12-24 15:04:55 UTC (rev 5837)
+++ active/CVE-2017-16995	2017-12-25 18:35:49 UTC (rev 5838)
@@ -7,7 +7,7 @@
  carnil> Intorduced in 4.9-rc1 with 484611357c19f9e19ef742ebef4505a07d243cc9
 Bugs:
 upstream: released (4.15-rc5) [95a762e2c8c942780948091f8f2a4f32fce1ac6f]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.72) [3695b3b18519099224efbc5875569d2cb6da256d]
 3.16-upstream-stable: N/A "Vulnerable code introduced in 4.9-rc1"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 4.9-rc1"
 sid: released (4.14.7-1) [bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch]
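
Review bot: The unchanged note line at the top of this hunk still reads "Intorduced in 4.9-rc1". Since the entry is being edited anyway, correct it to "Introduced" so it matches the wording in the CVE-2017-17862 entry and turns up in a text search for that word. The status change itself matches the log message: 4.9-upstream-stable moves from needed to released (4.9.72) with a commit hash in the brackets.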

Modified: active/CVE-2017-17862
===================================================================
--- active/CVE-2017-17862	2017-12-24 15:04:55 UTC (rev 5837)
+++ active/CVE-2017-17862	2017-12-25 18:35:49 UTC (rev 5838)
@@ -5,7 +5,7 @@
  carnil> Introduced by 17a5267067f3c372fec9ffb798d6eaba6b5e6a4c in 3.18-rc1
 Bugs:
 upstream: released (4.15-rc1) [c131187db2d3fa2f8bf32fdf4e9a4ef805168467]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.72) [7b5b73ea87a06236fa124bdebed1390d362d3439]
 3.16-upstream-stable: N/A "Vulnerable code introduced in 3.18-rc1"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.18-rc1"
 sid: needed
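
Review bot: The trailing "sid: needed" line is left unchanged, which makes this the only one of the three entries in this revision where unstable is still open; the other two record sid as released (4.14.7-1). If that is intentional, a short carnil> note stating why sid is still outstanding would make the entry self-explanatory. Otherwise the sid line should be updated in the same commit as the 4.9-upstream-stable line.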

Modified: active/CVE-2017-17863
===================================================================
--- active/CVE-2017-17863	2017-12-24 15:04:55 UTC (rev 5837)
+++ active/CVE-2017-17863	2017-12-25 18:35:49 UTC (rev 5838)
@@ -7,9 +7,10 @@
  carnil> mainline. Quoting commit message: "This is a fix specifically
  carnil> for the v4.9 stable tree because the mainline code looks very
  carnil> different at this point."
+ carnil> The 4.9 specific fix is done via d75d3ee237cee9068022117e059b64bbab617f3d
 Bugs:
 upstream: released (4.15-rc5) [bb7f0f989ca7de1153bd128a40a71709e339fa03]
-4.9-upstream-stable: pending (4.9.72) [bpf-reject-out-of-bounds-stack-pointer-calculation.patch]
+4.9-upstream-stable: released (4.9.72) [d75d3ee237cee9068022117e059b64bbab617f3d]
 3.16-upstream-stable: N/A "Vulnerable code introduced later"
 3.2-upstream-stable: N/A "Vulnerable code introduced later"
 sid: released (4.14.7-1) [bugfix/all/bpf-fix-integer-overflows.patch]
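
Review bot: The added "carnil> The 4.9 specific fix is done via d75d3ee2..." line repeats the hash that the updated 4.9-upstream-stable line now carries in its brackets, so the same value has to be kept in sync in two places. Either drop the hash from the note and keep only the statement that 4.9 has its own fix, or keep it and say explicitly that it differs from the upstream commit bb7f0f98... on purpose, which is the point the quoted commit message above is making.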



