[kernel-sec-discuss] r5722 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Nov 16 18:01:11 UTC 2017 

Author: benh
Date: 2017-11-16 18:01:10 +0000 (Thu, 16 Nov 2017)
New Revision: 5722

Modified:
   active/CVE-2017-16536
   active/CVE-2017-16537
   active/CVE-2017-16646
   active/CVE-2017-16647
   active/CVE-2017-16648
   active/CVE-2017-16649
   active/CVE-2017-16650
Log:
Mark issues pending/released upstream

Modified: active/CVE-2017-16536
===================================================================
--- active/CVE-2017-16536	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16536	2017-11-16 18:01:10 UTC (rev 5722)
@@ -5,7 +5,7 @@
  bwh> Introduced in 2.6.30 by commit e0d3bafd0258 "V4L/DVB (10954): Add
  bwh> cx231xx USB driver"
 Bugs:
-upstream: needed
+upstream: pending (4.15-rc1) [6c3b047fa2d2286d5e438bcb470c7b1a49f415f6]
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed

Modified: active/CVE-2017-16537
===================================================================
--- active/CVE-2017-16537	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16537	2017-11-16 18:01:10 UTC (rev 5722)
@@ -5,7 +5,7 @@
  bwh> Introduced in 2.6.35 by commit 21677cfc562a "V4L/DVB: ir-core: add imon
  bwh> driver"
 Bugs:
-upstream: needed
+upstream: pending (4.15-rc1) [58fd55e838276a0c13d1dc7c387f90f25063cbf3]
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed

Modified: active/CVE-2017-16646
===================================================================
--- active/CVE-2017-16646	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16646	2017-11-16 18:01:10 UTC (rev 5722)
@@ -5,7 +5,7 @@
  bwh> Introduced in 3.17 by commit 8abe4a0a3f6d "[media] dib7000: export just
  bwh> one symbol".
 Bugs:
-upstream: needed
+upstream: pending (4.15-rc1) [eb0c19942288569e0ae492476534d5a485fb8ab4]
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code not present"
 3.2-upstream-stable: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16647
===================================================================
--- active/CVE-2017-16647	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16647	2017-11-16 18:01:10 UTC (rev 5722)
@@ -4,7 +4,7 @@
 Notes:
  bwh> Introduced in 4.9 by commit d9fe64e51114 "net: asix: Add in_pm parameter".
 Bugs:
-upstream: needed
+upstream: pending (4.15-rc1) [8f5624629105589bcc23d0e51cc01bd8103d09a5]
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code not present"
 3.2-upstream-stable: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16648
===================================================================
--- active/CVE-2017-16648	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16648	2017-11-16 18:01:10 UTC (rev 5722)
@@ -3,9 +3,11 @@
  https://patchwork.kernel.org/patch/10046189/
 Notes:
  bwh> Introduced in 4.14-rc6 by commit ead666000a5f "media: dvb_frontend:
- bwh> only use kref after initialized".
+ bwh> only use kref after initialized".  Upstream fix probably depends on
+ bwh> commit 62229de19ff2 "media: dvb-core: always call invoke_release() in
+ bwh> fe_free()".
 Bugs:
-upstream: needed
+upstream: pending (4.15-rc1) [b1cb7372fa822af6c06c8045963571d13ad6348b]
 4.9-upstream-stable: N/A "Vulnerable code not present"
 3.16-upstream-stable: N/A "Vulnerable code not present"
 3.2-upstream-stable: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16649
===================================================================
--- active/CVE-2017-16649	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16649	2017-11-16 18:01:10 UTC (rev 5722)
@@ -5,7 +5,7 @@
  bwh> Probably introduced in 2.6.19 by commit a99c19492a80 "USB: usbnet - Add
  bwh> unlink_rx_urbs() call to allow for Jumbo Frames".
 Bugs:
-upstream: needed
+upstream: released (4.14) [2cb80187ba065d7decad7c6614e35e07aec8a974]
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed

Modified: active/CVE-2017-16650
===================================================================
--- active/CVE-2017-16650	2017-11-16 17:50:26 UTC (rev 5721)
+++ active/CVE-2017-16650	2017-11-16 18:01:10 UTC (rev 5722)
@@ -5,7 +5,7 @@
  bwh> Introduced in 3.4 by commit 423ce8caab7e "net: usb: qmi_wwan: New driver
  bwh> for Huawei QMI based WWAN devices".
 Bugs:
-upstream: needed
+upstream: released (4.14) [7fd078337201cf7468f53c3d9ef81ff78cb6df3b]
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: N/A "Vulnerable code not present"

More information about the kernel-sec-discuss mailing list