[kernel-sec-discuss] r5004 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Feb 23 23:12:33 UTC 2017


Author: benh
Date: 2017-02-23 23:12:33 +0000 (Thu, 23 Feb 2017)
New Revision: 5004

Modified:
   active/CVE-2017-5967
Log:
Triage CVE-2017-5967

Modified: active/CVE-2017-5967
===================================================================
--- active/CVE-2017-5967	2017-02-23 22:54:23 UTC (rev 5003)
+++ active/CVE-2017-5967	2017-02-23 23:12:33 UTC (rev 5004)
@@ -2,11 +2,16 @@
 References:
  https://bugzilla.kernel.org/show_bug.cgi?id=193921
 Notes:
+ bwh> The upstream "fix" for this is to remove the feature, as it is
+ bwh> redundant with tracing.  I don't think that change is
+ bwh> acceptable for stable branches, other than possibly 4.9.  We
+ bwh> could instead prevent processes outside the initial pid
+ bwh> namespace from opening the file.
 Bugs:
 upstream: pending [dfb4357da6ddbdf57d583ba64361c9d792b0e0b1]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting"
+3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
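Review bot: In the status lines, 3.16-jessie-security and 3.2-wheezy-security are marked "needed" while 3.16-upstream-stable and 3.2-upstream-stable are "ignored" as not suitable for backporting, so the entry does not say which fix the Debian branches are waiting for. Consider stating in the Notes that those branches need the alternative described there (preventing processes outside the initial pid namespace from opening the file) rather than the upstream commit, and naming the file, which the note refers to only as "the file". The note also calls the upstream change "possibly" acceptable for 4.9, while 4.9-upstream-stable is recorded as plainly "needed"; a short qualifier on that line would keep the two consistent.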



