[kernel-sec-discuss] r5010 - active

Ben Hutchings benh at moszumanska.debian.org
Fri Feb 24 03:28:18 UTC 2017


Author: benh
Date: 2017-02-24 03:28:18 +0000 (Fri, 24 Feb 2017)
New Revision: 5010

Modified:
   active/CVE-2016-10208
   active/CVE-2016-6213
   active/CVE-2016-9588
   active/CVE-2017-2583
   active/CVE-2017-2584
   active/CVE-2017-2618
   active/CVE-2017-5549
   active/CVE-2017-5551
   active/CVE-2017-5897
   active/CVE-2017-5970
   active/CVE-2017-6074
   active/CVE-2017-6214
Log:
Mark issues pending for 3.{2,16}-upstream-stable

Modified: active/CVE-2016-10208
===================================================================
--- active/CVE-2016-10208	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2016-10208	2017-02-24 03:28:18 UTC (rev 5010)
@@ -7,7 +7,7 @@
 Bugs:
 upstream: released (4.10-rc1) [3a4b77cd47bb837b8557595ec7425f281f2ca1fe]
 4.9-upstream-stable: released (4.9.9) [13e6ef99d23b05807e7f8a72f45e3d8260b61570]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [ext4-validate-s_first_meta_bg-at-mount-time.patch]
 3.2-upstream-stable: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"
 sid: released (4.9.10-1)
 3.16-jessie-security: needed
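
Review bot: On the new 3.16-upstream-stable line the bracket holds a queue patch file name (ext4-validate-s_first_meta_bg-at-mount-time.patch), whereas the upstream and 4.9-upstream-stable lines above it hold commit ids. When 3.16.41 is released, this line should move to released with the commit id in the bracket so all three upstream lines can be cross-checked the same way. 3.16-jessie-security is unchanged at needed, so the entry stays open for jessie.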

Modified: active/CVE-2016-6213
===================================================================
--- active/CVE-2016-6213	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2016-6213	2017-02-24 03:28:18 UTC (rev 5010)
@@ -8,7 +8,7 @@
 Bugs:
 upstream: released (4.9-rc1) [d29216842a85c7970c536108e093963f02714498]
 4.9-upstream-stable: N/A "Fixed before branch point"
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [mnt-add-a-per-mount-namespace-limit-on-the-number-of-mounts.patch]
 3.2-upstream-stable: N/A "Unprivileged users cannot manipulate mounts"
 sid: released (4.8.11-1) [bugfix/all/mnt-Add-a-per-mount-namespace-limit-on-the-number-of.patch]
 3.16-jessie-security: needed

Modified: active/CVE-2016-9588
===================================================================
--- active/CVE-2016-9588	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2016-9588	2017-02-24 03:28:18 UTC (rev 5010)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (4.10-rc1) [ef85b67385436ddc1998f45f1d6a210f935b3388]
 4.9-upstream-stable: released (4.9.2) [3f618a0b872fea38c7d1d1f79eda40f88c6466c2]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [kvm-nvmx-allow-l1-to-intercept-software-exceptions-bp-and-of.patch]
+3.2-upstream-stable: pending (3.2.86) [kvm-nvmx-allow-l1-to-intercept-software-exceptions-bp-and-of.patch]
 sid: released (4.8.15-2) [bugfix/all/kvm-nVMX-Allow-L1-to-intercept-software-exceptions-B.patch]
 3.16-jessie-security: needed
 3.2-wheezy-security: needed

Modified: active/CVE-2017-2583
===================================================================
--- active/CVE-2017-2583	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-2583	2017-02-24 03:28:18 UTC (rev 5010)
@@ -5,7 +5,7 @@
 Bugs:
 upstream: released (4.10-rc4) [33ab91103b3415e12457e3104f0e4517ce12d0f3]
 4.9-upstream-stable: released (4.9.5) [7718ffcf9a64830bbae148432f625346cde2f2d6]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [kvm-x86-fix-emulation-of-mov-ss-null-selector.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.6-rc1 with 79d5b4c3cd809c770d4bf9812635647016c56011"
 sid: released (4.9.6-1)
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/x86/kvm-x86-fix-emulation-of-mov-ss-null-selector.patch]

Modified: active/CVE-2017-2584
===================================================================
--- active/CVE-2017-2584	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-2584	2017-02-24 03:28:18 UTC (rev 5010)
@@ -9,7 +9,7 @@
  https://bugzilla.redhat.com/show_bug.cgi?id=1413001
 upstream: released (4.10-rc4) [129a72a0d3c8e139a04512325384fe5ac119e74d]
 4.9-upstream-stable: released (4.9.5) [736e77c07fba8b49cead504b885a82ce52c0ff10]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [kvm-x86-introduce-segmented_write_std.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.6-rc1 with 96051572c819194c37a8367624b285be10297eca"
 sid: released (4.9.6-1)
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/x86/kvm-x86-introduce-segmented_write_std.patch]

Modified: active/CVE-2017-2618
===================================================================
--- active/CVE-2017-2618	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-2618	2017-02-24 03:28:18 UTC (rev 5010)
@@ -13,7 +13,7 @@
 Bugs:
 upstream: released (4.10-rc8) [0c461cb727d146c9ef2d3e86214f498b78b7d125]
 4.9-upstream-stable: released (4.9.10) [6cbaf7b94373743deb42fd410173aab81f8945fe]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [selinux-fix-off-by-one-in-setprocattr.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.9.10-1)
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch]

Modified: active/CVE-2017-5549
===================================================================
--- active/CVE-2017-5549	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-5549	2017-02-24 03:28:18 UTC (rev 5010)
@@ -4,8 +4,8 @@
 Bugs:
 upstream: released (4.10-rc4) [146cc8a17a3b4996f6805ee5c080e7101277c410]
 4.9-upstream-stable: released (4.9.5) [58ede4beda662c4e1681fee4fae2174028a1a841]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [usb-serial-kl5kusb105-fix-line-state-error-handling.patch]
+3.2-upstream-stable: pending (3.2.86) [usb-serial-kl5kusb105-fix-line-state-error-handling.patch]
 sid: released (4.9.6-1)
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/usb-serial-kl5kusb105-fix-line-state-error-handling.patch]
 3.2-wheezy-security: released (3.2.84-2) [bugfix/all/usb-serial-kl5kusb105-fix-line-state-error-handling.patch]

Modified: active/CVE-2017-5551
===================================================================
--- active/CVE-2017-5551	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-5551	2017-02-24 03:28:18 UTC (rev 5010)
@@ -4,7 +4,7 @@
 Bugs:
 upstream: released (4.10-rc4) [497de07d89c1410d76a15bec2bb41f24a2a89f31]
 4.9-upstream-stable: released (4.9.6) [782b361c93062f083bbc9a78928498218f950399]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [tmpfs-clear-s_isgid-when-setting-posix-acls.patch]
 3.2-upstream-stable: N/A "Backported fix for CVE-2016-7097 already covered this"
 sid: released (4.9.6-1)
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/tmpfs-clear-s_isgid-when-setting-posix-acls.patch]

Modified: active/CVE-2017-5897
===================================================================
--- active/CVE-2017-5897	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-5897	2017-02-24 03:28:18 UTC (rev 5010)
@@ -4,7 +4,7 @@
 Bugs:
 upstream: released (4.10-rc8) [7892032cfe67f4bde6fc2ee967e45a8fbaf33756]
 4.9-upstream-stable: released (4.9.11) [ae1768bbbc469b75662c6714957fe5886cc960c4]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [ip6_gre-fix-ip6gre_err-invalid-reads.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.7-rc1 with c12b395a46646bab69089ce7016ac78177f6001f"
 sid: pending (4.9.11-1)
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ip6_gre-fix-ip6gre_err-invalid-reads.patch]

Modified: active/CVE-2017-5970
===================================================================
--- active/CVE-2017-5970	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-5970	2017-02-24 03:28:18 UTC (rev 5010)
@@ -6,7 +6,7 @@
 Bugs:
 upstream: released (4.10-rc8) [34b2cef20f19c87999fff3da4071e66937db9644]
 4.9-upstream-stable: released (4.9.11) [f5b54446630a973e1f27b68599366bbd0ac53066]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.3-rc1 with d826eb14ecef3574b6b3be55e5f4329f4a76fbf3"
 sid: released (4.9.10-1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch]
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]

Modified: active/CVE-2017-6074
===================================================================
--- active/CVE-2017-6074	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-6074	2017-02-24 03:28:18 UTC (rev 5010)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (4.10) [5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4]
 4.9-upstream-stable: needed
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch]
+3.2-upstream-stable: pending (3.2.86) [dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch]
 sid: pending (4.9.11-1) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]
 3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]
 3.2-wheezy-security: released (3.2.84-2) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]
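
Review bot: The context line "4.9-upstream-stable: needed" is left untouched while 3.16 and 3.2 move to pending and sid is already pending (4.9.11-1) with the same dccp fix. This is the only entry in this revision whose 4.9 branch is still open; if the patch is queued for 4.9 stable as well, mark that line pending here, otherwise it needs a follow-up so the branch is not missed.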

Modified: active/CVE-2017-6214
===================================================================
--- active/CVE-2017-6214	2017-02-24 02:48:38 UTC (rev 5009)
+++ active/CVE-2017-6214	2017-02-24 03:28:18 UTC (rev 5010)
@@ -4,8 +4,8 @@
 Bugs:
 upstream: released (4.10-rc8) [ccf7abb93af09ad0868ae9033d1ca8108bdaec82]
 4.9-upstream-stable: released (4.9.11) [0f895f51a831d73ce24158534784aba5b2a72a9e]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.41) [tcp-avoid-infinite-loop-in-tcp_splice_read.patch]
+3.2-upstream-stable: pending (3.2.86) [tcp-avoid-infinite-loop-in-tcp_splice_read.patch]
 sid: pending (4.9.11-1)
 3.16-jessie-security: needed
 3.2-wheezy-security: needed



