[kernel-sec-discuss] r5839 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Dec 25 18:37:09 UTC 2017


Author: carnil
Date: 2017-12-25 18:37:09 +0000 (Mon, 25 Dec 2017)
New Revision: 5839

Added:
   retired/CVE-2017-17863
Removed:
   active/CVE-2017-17863
Log:
Retire CVE-2017-17863

Deleted: active/CVE-2017-17863
===================================================================
--- active/CVE-2017-17863	2017-12-25 18:35:49 UTC (rev 5838)
+++ active/CVE-2017-17863	2017-12-25 18:37:09 UTC (rev 5839)
@@ -1,19 +0,0 @@
-Description: bpf: reject out-of-bounds stack pointer calculation
-References:
- https://www.spinics.net/lists/stable/msg206985.html
-Notes:
- carnil> Introduced by 7bca0a9702edfc8d0e7e46f984ca422ffdbe0498 (4.9.28)
- carnil> which is 332270fdc8b6fba07d059a9ad44df9e1a2ad4529 (4.12-rc1) in
- carnil> mainline. Quoting commit message: "This is a fix specifically
- carnil> for the v4.9 stable tree because the mainline code looks very
- carnil> different at this point."
- carnil> The 4.9 specific fix is done via d75d3ee237cee9068022117e059b64bbab617f3d
-Bugs:
-upstream: released (4.15-rc5) [bb7f0f989ca7de1153bd128a40a71709e339fa03]
-4.9-upstream-stable: released (4.9.72) [d75d3ee237cee9068022117e059b64bbab617f3d]
-3.16-upstream-stable: N/A "Vulnerable code introduced later"
-3.2-upstream-stable: N/A "Vulnerable code introduced later"
-sid: released (4.14.7-1) [bugfix/all/bpf-fix-integer-overflows.patch]
-4.9-stretch-security: released (4.9.65-3+deb9u1) [bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch]
-3.16-jessie-security: N/A "Vulnerable code introduced later"
-3.2-wheezy-security: N/A "Vulnerable code introduced later"
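Review bot: The `Bugs:` field in the removed file is empty, so the record being retired carries no Debian bug reference to cross-check against; if a bug was filed for this issue, add it before the file moves to retired/, since retired entries are rarely revisited. The retirement itself is consistent with the visible status lines: every branch is either `released` with a version and a commit or patch name, or `N/A "Vulnerable code introduced later"`, and the N/A entries for 3.16 and 3.2 agree with the note that the code was introduced in 4.9.28 and 4.12-rc1.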

Copied: retired/CVE-2017-17863 (from rev 5838, active/CVE-2017-17863)
===================================================================
--- retired/CVE-2017-17863	                        (rev 0)
+++ retired/CVE-2017-17863	2017-12-25 18:37:09 UTC (rev 5839)
@@ -0,0 +1,19 @@
+Description: bpf: reject out-of-bounds stack pointer calculation
+References:
+ https://www.spinics.net/lists/stable/msg206985.html
+Notes:
+ carnil> Introduced by 7bca0a9702edfc8d0e7e46f984ca422ffdbe0498 (4.9.28)
+ carnil> which is 332270fdc8b6fba07d059a9ad44df9e1a2ad4529 (4.12-rc1) in
+ carnil> mainline. Quoting commit message: "This is a fix specifically
+ carnil> for the v4.9 stable tree because the mainline code looks very
+ carnil> different at this point."
+ carnil> The 4.9 specific fix is done via d75d3ee237cee9068022117e059b64bbab617f3d
+Bugs:
+upstream: released (4.15-rc5) [bb7f0f989ca7de1153bd128a40a71709e339fa03]
+4.9-upstream-stable: released (4.9.72) [d75d3ee237cee9068022117e059b64bbab617f3d]
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-integer-overflows.patch]
+4.9-stretch-security: released (4.9.65-3+deb9u1) [bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch]
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
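Review bot: The `sid:` line points at `bugfix/all/bpf-fix-integer-overflows.patch`, while the Description and the `4.9-stretch-security:` line both use the title "reject out-of-bounds stack pointer calculation", and the Notes do not say how the two relate. The Notes explain that d75d3ee237cee9068022117e059b64bbab617f3d is a 4.9-specific fix, but a reader has to infer that the `upstream:` commit bb7f0f989ca7de1153bd128a40a71709e339fa03 and the sid patch are a differently titled change covering the same issue. A one-line note stating that would make the retired record self-explanatory. The "Quoting commit message:" note would also read more clearly if it named the commit being quoted before the quotation rather than on the following line.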



