[kernel-sec-discuss] r5385 - active
Ben Hutchings
benh at moszumanska.debian.org
Mon Jun 26 16:19:51 UTC 2017
Author: benh
Date: 2017-06-26 16:19:51 +0000 (Mon, 26 Jun 2017)
New Revision: 5385
Modified:
active/CVE-2017-7482
active/CVE-2017-7518
Log:
Fill in status for two issues
Modified: active/CVE-2017-7482
===================================================================
--- active/CVE-2017-7482 2017-06-26 04:10:36 UTC (rev 5384)
+++ active/CVE-2017-7482 2017-06-26 16:19:51 UTC (rev 5385)
@@ -1,12 +1,15 @@
Description: rxrpc: Fix several cases where a padded len isn't checked in ticket decode
References:
Notes:
+ bwh> Introduced by commits 339412841d76 "RxRPC: Allow key payloads to be
+ bwh> passed in XDR form" and 99455153d067 "RxRPC: Parse security index 5 keys
+ bwh> (Kerberos 5)".
Bugs:
upstream: released (4.12-rc7) [5f2f97656ada8d811d3c1bef503ced266fcd53a0]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
Modified: active/CVE-2017-7518
===================================================================
--- active/CVE-2017-7518 2017-06-26 04:10:36 UTC (rev 5384)
+++ active/CVE-2017-7518 2017-06-26 16:19:51 UTC (rev 5385)
@@ -3,13 +3,15 @@
http://www.openwall.com/lists/oss-security/2017/06/23/5
https://www.spinics.net/lists/kvm/msg151817.html (upstream patch)
Notes:
+ bwh> Introduced by commit 663f4c61b803 "KVM: x86: handle singlestep during
+ bwh> emulation".
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1464473
upstream: released (4.12-rc7) [c8401dda2f0a00cd25c0af6a95ed50e478d25de4]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list