[kernel-sec-discuss] r5327 - active retired
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed May 31 19:20:32 UTC 2017
Author: carnil
Date: 2017-05-31 19:20:32 +0000 (Wed, 31 May 2017)
New Revision: 5327
Added:
retired/CVE-2015-9004
Removed:
active/CVE-2015-9004
Log:
Retire CVE-2015-9004
Note for reviewers: double-check all version tracking was done
correctly.
Deleted: active/CVE-2015-9004
===================================================================
--- active/CVE-2015-9004 2017-05-31 18:42:37 UTC (rev 5326)
+++ active/CVE-2015-9004 2017-05-31 19:20:32 UTC (rev 5327)
@@ -1,29 +0,0 @@
-Description: perf: Tighten (and fix) the grouping condition
-References:
- https://source.android.com/security/bulletin/2017-05-01
-Notes:
- carnil> According to upstream commit it should fix
- carnil> 9fc81d87420d ("perf: Fix events installation
- carnil> during moving group"), which is in 3.19-rc1.
- carnil> so might actually be not affecting any other
- carnil> release, but needs check
- nsl> 9fc81d87420d was backported to 3.16 in 3.16.35
- nsl> along with the fix. 3.16 was likely never
- nsl> vulnerable, but nonetheless has the fix.
- carnil> 9fc81d87420d backported to 3.16.7-ckt4
- carnil> c3c87e770458 backported to 3.16.7-ckt6
- carnil> the fix for 3.16 is as well in 3.16.35 thus
- canril> no release in 3.16-upstream-stable contained
- carnil> the vulnerability.
- carnil> So the issue was introduced and fixed in two
- carnil> different releases still while beeing maintained
- carnil> by the Ubuntu Kernel team and before "upstreamed"
- carnil> back.
-Bugs:
-upstream: released (3.19-rc7) [c3c87e770458aa004bd7ed3f29945ff436fd6511]
-4.9-upstream-stable: N/A "Fixed before branching point"
-3.16-upstream-stable: released (3.16.35) [08446eea4a583919b979915f4dec2fa94ac6186c]
-3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: released (3.16.7-ckt7-1)
-3.16-jessie-security: N/A "Fixed before branching point for jessie"
-3.2-wheezy-security: N/A "Vulnerable code not present"
Copied: retired/CVE-2015-9004 (from rev 5326, active/CVE-2015-9004)
===================================================================
--- retired/CVE-2015-9004 (rev 0)
+++ retired/CVE-2015-9004 2017-05-31 19:20:32 UTC (rev 5327)
@@ -0,0 +1,29 @@
+Description: perf: Tighten (and fix) the grouping condition
+References:
+ https://source.android.com/security/bulletin/2017-05-01
+Notes:
+ carnil> According to upstream commit it should fix
+ carnil> 9fc81d87420d ("perf: Fix events installation
+ carnil> during moving group"), which is in 3.19-rc1.
+ carnil> so might actually be not affecting any other
+ carnil> release, but needs check
+ nsl> 9fc81d87420d was backported to 3.16 in 3.16.35
+ nsl> along with the fix. 3.16 was likely never
+ nsl> vulnerable, but nonetheless has the fix.
+ carnil> 9fc81d87420d backported to 3.16.7-ckt4
+ carnil> c3c87e770458 backported to 3.16.7-ckt6
+ carnil> the fix for 3.16 is as well in 3.16.35 thus
+ canril> no release in 3.16-upstream-stable contained
+ carnil> the vulnerability.
+ carnil> So the issue was introduced and fixed in two
+ carnil> different releases still while beeing maintained
+ carnil> by the Ubuntu Kernel team and before "upstreamed"
+ carnil> back.
+Bugs:
+upstream: released (3.19-rc7) [c3c87e770458aa004bd7ed3f29945ff436fd6511]
+4.9-upstream-stable: N/A "Fixed before branching point"
+3.16-upstream-stable: released (3.16.35) [08446eea4a583919b979915f4dec2fa94ac6186c]
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.16.7-ckt7-1)
+3.16-jessie-security: N/A "Fixed before branching point for jessie"
+3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list