[kernel-sec-discuss] r5443 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jul 28 08:16:20 UTC 2017
Author: carnil
Date: 2017-07-28 08:16:19 +0000 (Fri, 28 Jul 2017)
New Revision: 5443
Modified:
active/CVE-2017-1000363
active/CVE-2017-1000365
active/CVE-2017-10911
active/CVE-2017-11176
active/CVE-2017-7542
active/CVE-2017-7889
active/CVE-2017-9605
Log:
Mark some CVEs as pending for 3.16.43-2+deb8u3
Modified: active/CVE-2017-1000363
===================================================================
--- active/CVE-2017-1000363 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-1000363 2017-07-28 08:16:19 UTC (rev 5443)
@@ -8,5 +8,5 @@
3.2-upstream-stable: released (3.2.91) [550845d02afb926d50d1487f9e2b954270c83963]
sid: released (4.9.30-1)
4.9-stretch-security: N/A "Fixed before branching point"
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/char-lp-fix-possible-integer-overflow-in-lp_setup.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-1000365
===================================================================
--- active/CVE-2017-1000365 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-1000365 2017-07-28 08:16:19 UTC (rev 5443)
@@ -10,5 +10,5 @@
3.2-upstream-stable: released (3.2.91) [cea299eb189fca09c413432b807abd607385b3bc]
sid: released (4.11.11-1)
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-10911
===================================================================
--- active/CVE-2017-10911 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-10911 2017-07-28 08:16:19 UTC (rev 5443)
@@ -9,5 +9,5 @@
3.2-upstream-stable: released (3.2.91) [cc21fe1ff77acfab555df5577ea46fc89932f3b2]
sid: released (4.11.11-1)
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-11176
===================================================================
--- active/CVE-2017-11176 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-11176 2017-07-28 08:16:19 UTC (rev 5443)
@@ -10,5 +10,5 @@
3.2-upstream-stable: needed
sid: released (4.11.11-1)
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-7542
===================================================================
--- active/CVE-2017-7542 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-7542 2017-07-28 08:16:19 UTC (rev 5443)
@@ -8,5 +8,5 @@
3.2-upstream-stable:
sid:
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
-3.16-jessie-security:
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch]
3.2-wheezy-security:
Modified: active/CVE-2017-7889
===================================================================
--- active/CVE-2017-7889 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-7889 2017-07-28 08:16:19 UTC (rev 5443)
@@ -13,5 +13,5 @@
3.2-upstream-stable: released (3.2.91) [b8f254aa17f720053054c4ecff3920973a83b9d6]
sid: released (4.9.25-1)
4.9-stretch-security: N/A "Fixed before branching point"
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/mm-Tighten-x86-dev-mem-with-zeroing-reads.patch b/debian/patches/bugfix/x86/mm-Tighten-x86-dev-mem-with-zeroing-reads.patch]
3.2-wheezy-security: needed
Modified: active/CVE-2017-9605
===================================================================
--- active/CVE-2017-9605 2017-07-28 04:20:49 UTC (rev 5442)
+++ active/CVE-2017-9605 2017-07-28 08:16:19 UTC (rev 5443)
@@ -10,5 +10,5 @@
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.11.6-1)
4.9-stretch-security: pending (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
-3.16-jessie-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list