[kernel-sec-discuss] r5699 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Nov 5 21:04:47 UTC 2017 

Author: benh
Date: 2017-11-05 21:04:47 +0000 (Sun, 05 Nov 2017)
New Revision: 5699

Modified:
   active/CVE-2017-0786
   active/CVE-2017-12190
   active/CVE-2017-12192
   active/CVE-2017-12193
   active/CVE-2017-13080
   active/CVE-2017-15265
   active/CVE-2017-15299
   active/CVE-2017-15649
   active/CVE-2017-16527
   active/CVE-2017-16529
   active/CVE-2017-16530
   active/CVE-2017-16531
   active/CVE-2017-16532
   active/CVE-2017-16533
   active/CVE-2017-16535
Log:
Mark issues pending for {3.2,3.16}-upstream-stable

Modified: active/CVE-2017-0786
===================================================================
--- active/CVE-2017-0786	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-0786	2017-11-05 21:04:47 UTC (rev 5699)
@@ -6,7 +6,7 @@
 Bugs:
 upstream: released (4.14-rc4) [17df6453d4be17910456e99c5a85025aa1b7a246]
 4.9-upstream-stable: released (4.9.55) [4d3132d97aa753104ee35722352a895750a0fca5]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [brcmfmac-add-length-check-in-brcmf_cfg80211_escan_handler.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.4-2) [bugfix/all/brcmfmac-add-length-check-in-brcmf_cfg80211_escan_ha.patch]
 4.9-stretch-security: needed

Modified: active/CVE-2017-12190
===================================================================
--- active/CVE-2017-12190	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-12190	2017-11-05 21:04:47 UTC (rev 5699)
@@ -12,8 +12,8 @@
  https://bugzilla.redhat.com/show_bug.cgi?id=1495089
 upstream: released (4.14-rc5) [95d78c28b5a85bacbc29b8dba7c04babb9b0d467]
 4.9-upstream-stable: released (4.9.57) [5444d8ab9a1406af9f1bc2f00c26838637542480]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [fix-unbalanced-page-refcounting-in-bio_map_user_iov.patch]
+3.2-upstream-stable: pending (3.2.95) [fix-unbalanced-page-refcounting-in-bio_map_user_iov.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-12192
===================================================================
--- active/CVE-2017-12192	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-12192	2017-11-05 21:04:47 UTC (rev 5699)
@@ -5,7 +5,7 @@
 Bugs:
 upstream: released (4.14-rc3) [37863c43b2c6464f252862bf2e9768264e961678]
 4.9-upstream-stable: released (4.9.53) [dda70d28c0ac191f128bfd3acfd800667ed86bdf]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [keys-prevent-keyctl_read-on-negative-key.patch]
 3.2-upstream-stable: N/A "Vulnerable code introduced later in 3.13-rc1"
 sid: released (4.13.4-2) [bugfix/all/KEYS-prevent-KEYCTL_READ-on-negative-key.patch]
 4.9-stretch-security: needed

Modified: active/CVE-2017-12193
===================================================================
--- active/CVE-2017-12193	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-12193	2017-11-05 21:04:47 UTC (rev 5699)
@@ -4,7 +4,7 @@
 Bugs:
 upstream: released (4.14-rc7) [ea6789980fdaa610d7eb63602c746bf6ec70cd2b]
 4.9-upstream-stable: released (4.9.60) [67bcc5e530d55e646b7324038c926c2bde735a7e]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [assoc_array-fix-a-buggy-node-splitting-case.patch]
 3.2-upstream-stable: N/A "Introduced in 3.13-rc1 with 3cb989501c2688cacbb7dc4b0d353faf838f53a1"
 sid: pending (4.13.11-1)
 4.9-stretch-security: needed

Modified: active/CVE-2017-13080
===================================================================
--- active/CVE-2017-13080	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-13080	2017-11-05 21:04:47 UTC (rev 5699)
@@ -8,8 +8,8 @@
 Bugs:
 upstream: released (4.14-rc6) [fdf7cb4185b60c68e1a75e61691c4afdc15dea0e]
 4.9-upstream-stable: needed
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [mac80211-accept-key-reinstall-without-changing-anything.patch]
+3.2-upstream-stable: pending (3.2.95) [mac80211-accept-key-reinstall-without-changing-anything.patch]
 sid: needed
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-15265
===================================================================
--- active/CVE-2017-15265	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-15265	2017-11-05 21:04:47 UTC (rev 5699)
@@ -11,8 +11,8 @@
 Bugs:
 upstream: released (4.14-rc5) [71105998845fb012937332fe2e806d443c09e026]
 4.9-upstream-stable: released (4.9.57) [35b84860667ff081eee56b62f3db2a28ca8a3823]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [alsa-seq-fix-use-after-free-at-creating-a-port.patch]
+3.2-upstream-stable: pending (3.2.95) [alsa-seq-fix-use-after-free-at-creating-a-port.patch]
 sid: released (4.13.4-2) [bugfix/all/ALSA-seq-Fix-use-after-free-at-creating-a-port.patch]
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-15299
===================================================================
--- active/CVE-2017-15299	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-15299	2017-11-05 21:04:47 UTC (rev 5699)
@@ -15,8 +15,8 @@
 Bugs:
 upstream: released (4.14-rc6) [60ff5b2f547af3828aebafd54daded44cfb0807a]
 4.9-upstream-stable: released (4.9.59) [da0c7503c0b886784bf8bcb279c7d71c1e50c438]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [keys-don-t-let-add_key-update-an-uninstantiated-key.patch]
+3.2-upstream-stable: pending (3.2.95) [keys-don-t-let-add_key-update-an-uninstantiated-key.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-15649
===================================================================
--- active/CVE-2017-15649	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-15649	2017-11-05 21:04:47 UTC (rev 5699)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (4.14-rc2) [008ba2a13f2d04c947adc536d19debb8fe66f110], (4.14-rc4) [4971613c1639d8e5f102c4e797c3bf8f83a5a69e]
 4.9-upstream-stable: released (4.9.55) [6f7cdd4aa0a45f21edf6cb31236cd9d10c0d7992, 0f22167d3321a028c0b6edc2d5b2ab0e37a2ac53]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [packet-hold-bind-lock-when-rebinding-to-fanout-hook.patch, packet-in-packet_do_bind-test-fanout-with-bind_lock-held.patch]
+3.2-upstream-stable: pending (3.2.95) [packet-hold-bind-lock-when-rebinding-to-fanout-hook.patch, packet-in-packet_do_bind-test-fanout-with-bind_lock-held.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-16527
===================================================================
--- active/CVE-2017-16527	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16527	2017-11-05 21:04:47 UTC (rev 5699)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (4.14-rc5) [124751d5e63c823092060074bd0abaae61aaa9c4]
 4.9-upstream-stable: released (4.9.57) [e0c70289a1e334a60b54b54688f18e2ee38396a9]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [alsa-usb-audio-kill-stray-urb-at-exiting.patch]
+3.2-upstream-stable: pending (3.2.95) [alsa-usb-audio-kill-stray-urb-at-exiting.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-16529
===================================================================
--- active/CVE-2017-16529	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16529	2017-11-05 21:04:47 UTC (rev 5699)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (4.14-rc4) [bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991]
 4.9-upstream-stable: released (4.9.55) [37b6d898388e78d92a13a8ab50c960d507c968d1]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [alsa-usb-audio-check-out-of-bounds-access-by-corrupted-buffer.patch]
+3.2-upstream-stable: pending (3.2.95) [alsa-usb-audio-check-out-of-bounds-access-by-corrupted-buffer.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-16530
===================================================================
--- active/CVE-2017-16530	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16530	2017-11-05 21:04:47 UTC (rev 5699)
@@ -6,7 +6,7 @@
 Bugs:
 upstream: released (4.14-rc4) [786de92b3cb26012d3d0f00ee37adf14527f35c4]
 4.9-upstream-stable: released (4.9.55) [d77606e93d819ad4b8f57511ff61a629ced49750]
-3.16-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [usb-uas-fix-bug-in-handling-of-alternate-settings.patch]
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.10-1)
 4.9-stretch-security: needed

Modified: active/CVE-2017-16531
===================================================================
--- active/CVE-2017-16531	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16531	2017-11-05 21:04:47 UTC (rev 5699)
@@ -6,8 +6,8 @@
 Bugs:
 upstream: released (4.14-rc4) [bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb]
 4.9-upstream-stable: released (4.9.55) [a6d4ce2e8b653ff7facde0d0051663fa4cf57b78]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [usb-fix-out-of-bounds-in-usb_set_configuration.patch]
+3.2-upstream-stable: pending (3.2.95) [usb-fix-out-of-bounds-in-usb_set_configuration.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-16532
===================================================================
--- active/CVE-2017-16532	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16532	2017-11-05 21:04:47 UTC (rev 5699)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (4.14-rc5) [7c80f9e4a588f1925b07134bb2e3689335f6c6d8]
 4.9-upstream-stable: needed
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [usb-usbtest-fix-null-pointer-dereference.patch]
+3.2-upstream-stable: pending (3.2.95) [usb-usbtest-fix-null-pointer-dereference.patch]
 sid: needed
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-16533
===================================================================
--- active/CVE-2017-16533	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16533	2017-11-05 21:04:47 UTC (rev 5699)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (4.14-rc5) [f043bfc98c193c284e2cd768fefabe18ac2fed9b]
 4.9-upstream-stable: released (4.9.57) [57265cddde308292af881ce634a5378dd4e25900]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [hid-usbhid-fix-out-of-bounds-bug.patch]
+3.2-upstream-stable: pending (3.2.95) [hid-usbhid-fix-out-of-bounds-bug.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

Modified: active/CVE-2017-16535
===================================================================
--- active/CVE-2017-16535	2017-11-05 17:54:49 UTC (rev 5698)
+++ active/CVE-2017-16535	2017-11-05 21:04:47 UTC (rev 5699)
@@ -5,8 +5,8 @@
 Bugs:
 upstream: released (4.14-c6) [1c0edc3633b56000e18d82fc241e3995ca18a69e]
 4.9-upstream-stable: released (4.9.59) [9d13d3e05be29056eeab610d9ad26b04c9231a04]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.50) [usb-core-fix-out-of-bounds-access-bug-in-usb_get_bos_descriptor.patch]
+3.2-upstream-stable: pending (3.2.95) [usb-core-fix-out-of-bounds-access-bug-in-usb_get_bos_descriptor.patch]
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
 3.16-jessie-security: needed

More information about the kernel-sec-discuss mailing list