[kernel-sec-discuss] r4887 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jan 27 20:51:08 UTC 2017 

Author: carnil
Date: 2017-01-27 20:51:08 +0000 (Fri, 27 Jan 2017)
New Revision: 4887

Added:
   retired/CVE-2016-10153
   retired/CVE-2016-10154
   retired/CVE-2017-5546
   retired/CVE-2017-5547
   retired/CVE-2017-5548
Removed:
   active/CVE-2016-10153
   active/CVE-2016-10154
   active/CVE-2017-5546
   active/CVE-2017-5547
   active/CVE-2017-5548
Log:
Retire CVEs fixed everywhere

Deleted: active/CVE-2016-10153
===================================================================
--- active/CVE-2016-10153	2017-01-27 20:45:34 UTC (rev 4886)
+++ active/CVE-2016-10153	2017-01-27 20:51:08 UTC (rev 4887)
@@ -1,10 +0,0 @@
-Description: libceph: introduce ceph_crypt() for in-place en/decryption
-References:
-Notes:
-Bugs:
-upstream: released (4.10-rc1) [a45f795c65b479b4ba107b6ccde29b896d51ee98]
-3.16-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-3.2-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-sid: released (4.9.6-1)
-3.16-jessie-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-3.2-wheezy-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"

Deleted: active/CVE-2016-10154
===================================================================
--- active/CVE-2016-10154	2017-01-27 20:45:34 UTC (rev 4886)
+++ active/CVE-2016-10154	2017-01-27 20:51:08 UTC (rev 4887)
@@ -1,10 +0,0 @@
-Description: cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack
-References:
-Notes:
-Bugs:
-upstream: released (4.10-rc1) [06deeec77a5a689cc94b21a8a91a76e42176685d]
-3.16-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-3.2-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-sid: released (4.9.2-1)
-3.16-jessie-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-3.2-wheezy-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"

Deleted: active/CVE-2017-5546
===================================================================
--- active/CVE-2017-5546	2017-01-27 20:45:34 UTC (rev 4886)
+++ active/CVE-2017-5546	2017-01-27 20:51:08 UTC (rev 4887)
@@ -1,10 +0,0 @@
-Description: mm/slab.c: fix SLAB freelist randomization duplicate entries
-References:
-Notes:
-Bugs:
-upstream: released (4.10-rc4) [c4e490cf148e85ead0d1b1c2caaba833f1d5b29f]
-3.16-upstream-stable: N/A "freelist randomisation introduced in 4.7-rc1 with c7ce4f60ac199fb3521c5fcd64da21cee801ec2b"
-3.2-upstream-stable: N/A "freelist randomisation introduced in 4.7-rc1 with c7ce4f60ac199fb3521c5fcd64da21cee801ec2b"
-sid: released (4.9.6-1)
-3.16-jessie-security: N/A "freelist randomisation introduced in 4.7"
-3.2-wheezy-security: N/A "freelist randomisation introduced in 4.7"

Deleted: active/CVE-2017-5547
===================================================================
--- active/CVE-2017-5547	2017-01-27 20:45:34 UTC (rev 4886)
+++ active/CVE-2017-5547	2017-01-27 20:51:08 UTC (rev 4887)
@@ -1,10 +0,0 @@
-Description: HID: corsair: fix DMA buffers on stack
-References:
-Notes:
-Bugs:
-upstream: released (4.10-rc5) [6d104af38b570d37aa32a5803b04c354f8ed513d]
-3.16-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with 6f78193ee9ea5575180d4462f0f7273a22dd5057"
-3.2-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with 6f78193ee9ea5575180d4462f0f7273a22dd5057"
-sid: released (4.9.6-1)
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"

Deleted: active/CVE-2017-5548
===================================================================
--- active/CVE-2017-5548	2017-01-27 20:45:34 UTC (rev 4886)
+++ active/CVE-2017-5548	2017-01-27 20:51:08 UTC (rev 4887)
@@ -1,10 +0,0 @@
-Description: ieee802154: atusb: do not use the stack for buffers to make them DMA able
-References:
-Notes:
-Bugs:
-upstream: released (4.10-rc5) [05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655]
-3.16-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-3.2-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-sid: released (4.9.6-1)
-3.16-jessie-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
-3.2-wheezy-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"

Copied: retired/CVE-2016-10153 (from rev 4886, active/CVE-2016-10153)
===================================================================
--- retired/CVE-2016-10153	                        (rev 0)
+++ retired/CVE-2016-10153	2017-01-27 20:51:08 UTC (rev 4887)
@@ -0,0 +1,10 @@
+Description: libceph: introduce ceph_crypt() for in-place en/decryption
+References:
+Notes:
+Bugs:
+upstream: released (4.10-rc1) [a45f795c65b479b4ba107b6ccde29b896d51ee98]
+3.16-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+3.2-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+sid: released (4.9.6-1)
+3.16-jessie-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+3.2-wheezy-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"

Copied: retired/CVE-2016-10154 (from rev 4886, active/CVE-2016-10154)
===================================================================
--- retired/CVE-2016-10154	                        (rev 0)
+++ retired/CVE-2016-10154	2017-01-27 20:51:08 UTC (rev 4887)
@@ -0,0 +1,10 @@
+Description: cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack
+References:
+Notes:
+Bugs:
+upstream: released (4.10-rc1) [06deeec77a5a689cc94b21a8a91a76e42176685d]
+3.16-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+3.2-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+sid: released (4.9.2-1)
+3.16-jessie-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+3.2-wheezy-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"

Copied: retired/CVE-2017-5546 (from rev 4886, active/CVE-2017-5546)
===================================================================
--- retired/CVE-2017-5546	                        (rev 0)
+++ retired/CVE-2017-5546	2017-01-27 20:51:08 UTC (rev 4887)
@@ -0,0 +1,10 @@
+Description: mm/slab.c: fix SLAB freelist randomization duplicate entries
+References:
+Notes:
+Bugs:
+upstream: released (4.10-rc4) [c4e490cf148e85ead0d1b1c2caaba833f1d5b29f]
+3.16-upstream-stable: N/A "freelist randomisation introduced in 4.7-rc1 with c7ce4f60ac199fb3521c5fcd64da21cee801ec2b"
+3.2-upstream-stable: N/A "freelist randomisation introduced in 4.7-rc1 with c7ce4f60ac199fb3521c5fcd64da21cee801ec2b"
+sid: released (4.9.6-1)
+3.16-jessie-security: N/A "freelist randomisation introduced in 4.7"
+3.2-wheezy-security: N/A "freelist randomisation introduced in 4.7"

Copied: retired/CVE-2017-5547 (from rev 4886, active/CVE-2017-5547)
===================================================================
--- retired/CVE-2017-5547	                        (rev 0)
+++ retired/CVE-2017-5547	2017-01-27 20:51:08 UTC (rev 4887)
@@ -0,0 +1,10 @@
+Description: HID: corsair: fix DMA buffers on stack
+References:
+Notes:
+Bugs:
+upstream: released (4.10-rc5) [6d104af38b570d37aa32a5803b04c354f8ed513d]
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with 6f78193ee9ea5575180d4462f0f7273a22dd5057"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with 6f78193ee9ea5575180d4462f0f7273a22dd5057"
+sid: released (4.9.6-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2017-5548 (from rev 4886, active/CVE-2017-5548)
===================================================================
--- retired/CVE-2017-5548	                        (rev 0)
+++ retired/CVE-2017-5548	2017-01-27 20:51:08 UTC (rev 4887)
@@ -0,0 +1,10 @@
+Description: ieee802154: atusb: do not use the stack for buffers to make them DMA able
+References:
+Notes:
+Bugs:
+upstream: released (4.10-rc5) [05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655]
+3.16-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+3.2-upstream-stable: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+sid: released (4.9.6-1)
+3.16-jessie-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"
+3.2-wheezy-security: N/A "Vulnerability introduced with the introduction of VMAP_STACK in 4.9"

More information about the kernel-sec-discuss mailing list