[kernel-sec-discuss] r5403 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Jul 3 16:38:39 UTC 2017


Author: benh
Date: 2017-07-03 16:38:39 +0000 (Mon, 03 Jul 2017)
New Revision: 5403

Modified:
   active/CVE-2017-8797
   active/CVE-2017-9984
   active/CVE-2017-9985
   active/CVE-2017-9986
   active/CVE-2017-XSA-216
Log:
Fill in status and add notes for several issues

Modified: active/CVE-2017-8797
===================================================================
--- active/CVE-2017-8797	2017-07-03 16:38:00 UTC (rev 5402)
+++ active/CVE-2017-8797	2017-07-03 16:38:39 UTC (rev 5403)
@@ -1,12 +1,14 @@
 Description: nfsd: remote DoS
 References:
 Notes:
+ bwh> Introduced by commits 9cf514ccfacb "nfsd: implement pNFS operations"
+ bwh> and 8a4c3926889e "nfsd: allow nfsd to advertise multiple layout types".
 Bugs:
 upstream: released (4.12-rc1) [b550a32e60a4941994b437a8d662432a486235a5, f961e3f2acae94b727380c0b74e2d3954d0edf79]
 4.9-upstream-stable: released (4.9.30) [ea465551af30146efea215da58786ff732da70fb, 51d9c51523ec6927a068ee54280b5a4ff3bf401d]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.9.30-1)
 4.9-stretch-security: N/A "Fixed before initial release of stretch"
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
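
Review bot: The N/A reason on the 3.16 and 3.2 lines ("Vulnerable code not present") cannot be checked from this file alone, because the new bwh> note names the introducing commits 9cf514ccfacb and 8a4c3926889e but not the upstream release in which they first appeared. Consider adding that release to the note so a later reader can confirm the four N/A entries without looking up the commits.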

Modified: active/CVE-2017-9984
===================================================================
--- active/CVE-2017-9984	2017-07-03 16:38:00 UTC (rev 5402)
+++ active/CVE-2017-9984	2017-07-03 16:38:39 UTC (rev 5403)
@@ -1,13 +1,14 @@
 Description: Double fetch problem in sound/isa/msnd/msnd_pinnacle.c
 References:
 Notes:
+ bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=196131
 upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
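
Review bot: The upstream: field is still empty after this change, while every other branch is now ignored "Minor issue". With only the Bugzilla link (id=196131) and no fix commit listed, a later reader cannot tell whether upstream is unfixed or simply not yet triaged. Consider setting it explicitly, for example to needed, or adding a note that no upstream fix exists yet.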

Modified: active/CVE-2017-9985
===================================================================
--- active/CVE-2017-9985	2017-07-03 16:38:00 UTC (rev 5402)
+++ active/CVE-2017-9985	2017-07-03 16:38:39 UTC (rev 5403)
@@ -1,13 +1,14 @@
 Description: Double fetch problem in sound/isa/msnd/msnd_midi.c
 References:
 Notes:
+ bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=196133
 upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
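
Review bot: The reason string "Minor issue" on the seven ignored lines does not carry the actual rationale, which appears only in the bwh> note (the threat is a malicious ISA card). Consider a reason string that states this directly, so the status lines remain meaningful when read by tooling or without the Notes section.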

Modified: active/CVE-2017-9986
===================================================================
--- active/CVE-2017-9986	2017-07-03 16:38:00 UTC (rev 5402)
+++ active/CVE-2017-9986	2017-07-03 16:38:39 UTC (rev 5403)
@@ -1,13 +1,15 @@
 Description: Double fetch problem in sound/oss/msnd_pinnacle.c
 References:
 Notes:
+ bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
+ bwh> Also, Debian doesn't build the OSS drivers.
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=196135
 upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
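
Review bot: The second bwh> note, "Also, Debian doesn't build the OSS drivers", is a stronger reason than "Minor issue" for the four Debian lines (sid, 4.9-stretch-security, 3.16-jessie-security, 3.2-wheezy-security), yet they carry the same reason string as the upstream-stable lines. Consider giving the Debian branches a reason that says the driver is not built, and keeping "Minor issue" for the upstream-stable branches only.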

Modified: active/CVE-2017-XSA-216
===================================================================
--- active/CVE-2017-XSA-216	2017-07-03 16:38:00 UTC (rev 5402)
+++ active/CVE-2017-XSA-216	2017-07-03 16:38:39 UTC (rev 5403)
@@ -5,9 +5,9 @@
 Bugs:
 upstream: released (4.12-rc7) [089bc0143f489bd3a4578bdff5f4ca68fb26f341]
 4.9-upstream-stable: released (4.9.35) [4ae2cb91a6365a6472fad7f04785cc0420ea5ada]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: pending (4.11.8-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
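
Review bot: The 3.16 and 3.2 lines move to needed, but nothing in this hunk says which commit introduced the issue, unlike the CVE-2017-8797 entry in the same revision. If the Notes section above this hunk does not already record it, consider adding an "Introduced by" note so the needed status on the older branches can be verified against the fix 089bc0143f489bd3a4578bdff5f4ca68fb26f341.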
