[kernel-sec-discuss] r5288 - active retired
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun May 14 14:53:18 UTC 2017
Author: carnil
Date: 2017-05-14 14:53:18 +0000 (Sun, 14 May 2017)
New Revision: 5288
Added:
retired/CVE-2017-7477
Removed:
active/CVE-2017-7477
Log:
Retire CVE-2017-7477
Deleted: active/CVE-2017-7477
===================================================================
--- active/CVE-2017-7477 2017-05-14 14:52:32 UTC (rev 5287)
+++ active/CVE-2017-7477 2017-05-14 14:53:18 UTC (rev 5288)
@@ -1,16 +0,0 @@
-Description: net: Heap overflow in skb_to_sgvec in macsec.c
-References:
- http://www.openwall.com/lists/oss-security/2017/04/24/5
-Notes:
- nsl> 4.9.26 contains the first commit with 07389a140f
- nsl> didn't see the second commit. I assume its needed?
- carnil> both commits are needed to fix CVE-2017-7477
-Bugs:
- https://bugzilla.redhat.com/show_bug.cgi?id=1445207
-upstream: released (4.11) [4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee, 5294b83086cc1c35b4efeca03644cf9d12282e5b]
-4.9-upstream-stable: released (4.9.28) [07389a140f48a3d5d223881bb01cef9f389e2844, 3b0129d4111e53927c2bc3c6b78a2b12ad71268b]
-3.16-upstream-stable: N/A "Introduced in 4.6-rc1"
-3.2-upstream-stable: N/A "Introduced in 4.6-rc1"
-sid: released (4.9.25-1) [bugfix/all/macsec-avoid-heap-overflow-in-skb_to_sgvec.patch]
-3.16-jessie-security: N/A "Introduced in 4.6-rc1"
-3.2-wheezy-security: N/A "Introduced in 4.6-rc1"
Copied: retired/CVE-2017-7477 (from rev 5287, active/CVE-2017-7477)
===================================================================
--- retired/CVE-2017-7477 (rev 0)
+++ retired/CVE-2017-7477 2017-05-14 14:53:18 UTC (rev 5288)
@@ -0,0 +1,16 @@
+Description: net: Heap overflow in skb_to_sgvec in macsec.c
+References:
+ http://www.openwall.com/lists/oss-security/2017/04/24/5
+Notes:
+ nsl> 4.9.26 contains the first commit with 07389a140f
+ nsl> didn't see the second commit. I assume its needed?
+ carnil> both commits are needed to fix CVE-2017-7477
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1445207
+upstream: released (4.11) [4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee, 5294b83086cc1c35b4efeca03644cf9d12282e5b]
+4.9-upstream-stable: released (4.9.28) [07389a140f48a3d5d223881bb01cef9f389e2844, 3b0129d4111e53927c2bc3c6b78a2b12ad71268b]
+3.16-upstream-stable: N/A "Introduced in 4.6-rc1"
+3.2-upstream-stable: N/A "Introduced in 4.6-rc1"
+sid: released (4.9.25-1) [bugfix/all/macsec-avoid-heap-overflow-in-skb_to_sgvec.patch]
+3.16-jessie-security: N/A "Introduced in 4.6-rc1"
+3.2-wheezy-security: N/A "Introduced in 4.6-rc1"
More information about the kernel-sec-discuss
mailing list