[kernel-sec-discuss] r5077 - active retired

Ben Hutchings benh at moszumanska.debian.org
Tue Mar 14 14:41:30 UTC 2017


Author: benh
Date: 2017-03-14 14:41:30 +0000 (Tue, 14 Mar 2017)
New Revision: 5077

Added:
   retired/CVE-2015-2877
Removed:
   active/CVE-2015-2877
Modified:
   active/CVE-2016-10200
   active/CVE-2017-5967
Log:
Ignore CVE-2015-2877 for all branches, and retire it

Deleted: active/CVE-2015-2877
===================================================================
--- active/CVE-2015-2877	2017-03-14 14:29:39 UTC (rev 5076)
+++ active/CVE-2015-2877	2017-03-14 14:41:30 UTC (rev 5077)
@@ -1,13 +0,0 @@
-Description: Cross-VM ASL INtrospection (CAIN)
-References:
- https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
-Notes:
- bwh> Depends on KSM, which needs to be explicitly enabled at run-time
-Bugs:
-upstream: needed
-4.9-upstream-stable: needed
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
-sid: needed
-3.16-jessie-security: needed
-3.2-wheezy-security: needed

Modified: active/CVE-2016-10200
===================================================================
--- active/CVE-2016-10200	2017-03-14 14:29:39 UTC (rev 5076)
+++ active/CVE-2016-10200	2017-03-14 14:41:30 UTC (rev 5077)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: needed
 sid: released (4.8.15-1)
 3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.86-2) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
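Review bot: the 3.2-upstream-stable line two rows above still reads "needed" while 3.2-wheezy-security now moves to pending with the same bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch file that jessie carries; if that backport is also queued for 3.2.y, consider updating the upstream-stable line in the same commit so the two 3.2 entries do not drift, and if it is not, a short note recording that the fix is Debian-carried only would make the "needed" state self-explanatory.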

Modified: active/CVE-2017-5967
===================================================================
--- active/CVE-2017-5967	2017-03-14 14:29:39 UTC (rev 5076)
+++ active/CVE-2017-5967	2017-03-14 14:41:30 UTC (rev 5077)
@@ -14,4 +14,4 @@
 3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
 sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
 3.16-jessie-security: pending (3.16.39-1+deb8u3) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.86-2) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
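Review bot: the patch named for wheezy here, timer-restrict-timer_stats-to-initial-pid-namespace.patch, is the same alternative mitigation already used for jessie, while 3.2-upstream-stable is marked ignored with "Upstream fix is not suitable for backporting" and sid carries debian/time-mark-timer_stats-as-broken.patch; since the wheezy/jessie change restricts access to timer_stats rather than applying the upstream fix, the entry's Notes should state that this is a namespace-restriction mitigation, not the upstream fix, so later readers of the tracker do not take "pending" to mean the upstream change was backported.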

Copied: retired/CVE-2015-2877 (from rev 5076, active/CVE-2015-2877)
===================================================================
--- retired/CVE-2015-2877	                        (rev 0)
+++ retired/CVE-2015-2877	2017-03-14 14:41:30 UTC (rev 5077)
@@ -0,0 +1,15 @@
+Description: Cross-VM ASL INtrospection (CAIN)
+References:
+ https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
+ http://www.antoniobarresi.com/files/cain_advisory.txt
+Notes:
+ bwh> Depends on KSM, which needs to be explicitly enabled at run-time.
+ bwh> It appears to be impractical to fix or mitigate this in KSM.
+Bugs:
+upstream: ignored "Intrinsic risk of KSM feature"
+4.9-upstream-stable: ignored "Intrinsic risk of KSM feature"
+3.16-upstream-stable: ignored "Intrinsic risk of KSM feature"
+3.2-upstream-stable: ignored "Intrinsic risk of KSM feature"
+sid: ignored "Intrinsic risk of KSM feature"
+3.16-jessie-security: ignored "Intrinsic risk of KSM feature"
+3.2-wheezy-security: ignored "Intrinsic risk of KSM feature"
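Review bot: the seven "ignored" lines all cite "Intrinsic risk of KSM feature", but the Notes stop at saying KSM must be explicitly enabled and that the issue cannot practically be fixed in KSM; the operational consequence that follows from those two notes, that hosts running mutually untrusted guests should leave KSM disabled, is the actual risk-acceptance decision and belongs in the entry, e.g. " bwh> Mitigation is operational: do not enable KSM across untrusted guests." Also confirm the second reference line added here (the cain_advisory.txt URL) resolves, since it was not in the active entry being retired.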
