[kernel-sec-discuss] r5066 - active
Ben Hutchings
benh at moszumanska.debian.org
Fri Mar 10 11:42:30 UTC 2017
Author: benh
Date: 2017-03-10 11:42:30 +0000 (Fri, 10 Mar 2017)
New Revision: 5066
Modified:
active/CVE-2016-2188
Log:
Add new proposed fix for CVE-2016-2188
Modified: active/CVE-2016-2188
===================================================================
--- active/CVE-2016-2188 2017-03-08 16:55:51 UTC (rev 5065)
+++ active/CVE-2016-2188 2017-03-10 11:42:30 UTC (rev 5066)
@@ -5,11 +5,14 @@
http://seclists.org/bugtraq/2016/Mar/87
http://marc.info/?l=linux-usb&m=145796659429788&w=2
https://git.kernel.org/linus/4ec0ef3a82125efc36173062a50624550a900ae0
+ https://marc.info/?l=linux-usb&m=148890022313747
Notes:
bwh> Upstream fix (commit listed above) handles the case where there
bwh> are zero endpoints, but not the case where there are some
bwh> endpoints but none of the expected type. So this is not really
bwh> fixed anywhere yet.
+ bwh> A second proposed fix was posted in March 2017 (second linux-usb
+ bwh> message linked above).
Bugs:
upstream: needed
4.9-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list