[kernel-sec-discuss] r4893 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jan 30 05:19:43 UTC 2017


Author: carnil
Date: 2017-01-30 05:19:43 +0000 (Mon, 30 Jan 2017)
New Revision: 4893

Added:
   retired/CVE-2017-5576
   retired/CVE-2017-5577
Removed:
   active/CVE-2017-5576
   active/CVE-2017-5577
Log:
REtire CVE-2017-557{6,7}, fixed both upstream and in every Debian version affected

Deleted: active/CVE-2017-5576
===================================================================
--- active/CVE-2017-5576	2017-01-30 05:19:42 UTC (rev 4892)
+++ active/CVE-2017-5576	2017-01-30 05:19:43 UTC (rev 4893)
@@ -1,11 +0,0 @@
-Description: drm/vc4: Fix an integer overflow in temporary allocation layout
-References:
- https://lkml.org/lkml/2017/1/17/761
-Notes:
-Bugs:
-upstream: released (4.10-rc6) [0f2ff82e11c86c05d051cae32b58226392d33bbf]
-3.16-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
-3.2-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
-sid: released (4.9.6-1) [bugfix/arm/drm-vc4-fix-an-integer-overflow-in-temporary-allocation-layout.patch]
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"

Deleted: active/CVE-2017-5577
===================================================================
--- active/CVE-2017-5577	2017-01-30 05:19:42 UTC (rev 4892)
+++ active/CVE-2017-5577	2017-01-30 05:19:43 UTC (rev 4893)
@@ -1,11 +0,0 @@
-Description: drm/vc4: Return -EINVAL on the overflow checks failing
-References:
- https://lkml.org/lkml/2017/1/17/759
-Notes:
-Bugs:
-upstream: released (4.10-rc6) [6b8ac63847bc2f958dd93c09edc941a0118992d9]
-3.16-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
-3.2-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
-sid: released (4.9.6-1) [bugfix/arm/drm/vc4-return-einval-on-the-overflow-checks-failing.patch]
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2017-5576 (from rev 4892, active/CVE-2017-5576)
===================================================================
--- retired/CVE-2017-5576	                        (rev 0)
+++ retired/CVE-2017-5576	2017-01-30 05:19:43 UTC (rev 4893)
@@ -0,0 +1,11 @@
+Description: drm/vc4: Fix an integer overflow in temporary allocation layout
+References:
+ https://lkml.org/lkml/2017/1/17/761
+Notes:
+Bugs:
+upstream: released (4.10-rc6) [0f2ff82e11c86c05d051cae32b58226392d33bbf]
+3.16-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
+3.2-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
+sid: released (4.9.6-1) [bugfix/arm/drm-vc4-fix-an-integer-overflow-in-temporary-allocation-layout.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2017-5577 (from rev 4892, active/CVE-2017-5577)
===================================================================
--- retired/CVE-2017-5577	                        (rev 0)
+++ retired/CVE-2017-5577	2017-01-30 05:19:43 UTC (rev 4893)
@@ -0,0 +1,11 @@
+Description: drm/vc4: Return -EINVAL on the overflow checks failing
+References:
+ https://lkml.org/lkml/2017/1/17/759
+Notes:
+Bugs:
+upstream: released (4.10-rc6) [6b8ac63847bc2f958dd93c09edc941a0118992d9]
+3.16-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
+3.2-upstream-stable: N/A "Introduced in 4.5-rc1 with d5b1a78a772f1e31a94f8babfa964152ec5e9aa5"
+sid: released (4.9.6-1) [bugfix/arm/drm/vc4-return-einval-on-the-overflow-checks-failing.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"




More information about the kernel-sec-discuss mailing list