[kernel-sec-discuss] r5257 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue May 2 18:29:58 UTC 2017


Author: carnil
Date: 2017-05-02 18:29:58 +0000 (Tue, 02 May 2017)
New Revision: 5257

Modified:
   active/CVE-2015-9004
Log:
Update notes for CVE-2015-9004, add more information

Modified: active/CVE-2015-9004
===================================================================
--- active/CVE-2015-9004	2017-05-02 17:59:40 UTC (rev 5256)
+++ active/CVE-2015-9004	2017-05-02 18:29:58 UTC (rev 5257)
@@ -10,11 +10,20 @@
  nsl> 9fc81d87420d was backported to 3.16 in 3.16.35
  nsl> along with the fix. 3.16 was likely never 
  nsl> vulnerable, but nonetheless has the fix.
+ carnil> 9fc81d87420d backported to 3.16.7-ckt4
+ carnil> c3c87e770458 backported to 3.16.7-ckt6
+ carnil> the fix for 3.16 is as well in 3.16.35 thus
+ canril> no release in 3.16-upstream-stable contained
+ carnil> the vulnerability.
+ carnil> So the issue was introduced and fixed in two
+ carnil> different releases still while beeing maintained
+ carnil> by the Ubuntu Kernel team and before "upstreamed"
+ carnil> back.
 Bugs:
 upstream: released (3.19-rc7) [c3c87e770458aa004bd7ed3f29945ff436fd6511]
 4.9-upstream-stable: N/A "Fixed before branching point"
-3.16-upstream-stable: released (3.16.35) [08446eea4a583919b979915f4dec2fa94ac6186c]
-3.2-upstream-stable:
-sid: 
-3.16-jessie-security: 
-3.2-wheezy-security:
+3.16-upstream-stable: released (3.16.7-ckt6) [08446eea4a583919b979915f4dec2fa94ac6186c]
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.16.7-ckt7-1)
+3.16-jessie-security: N/A "Fixed before branching point for jessie"
+3.2-wheezy-security: N/A "Vulnerable code not present"




More information about the kernel-sec-discuss mailing list