[kernel-sec-discuss] r5726 - active retired

Ben Hutchings benh at moszumanska.debian.org
Fri Nov 17 14:13:18 UTC 2017


Author: benh
Date: 2017-11-17 14:13:18 +0000 (Fri, 17 Nov 2017)
New Revision: 5726

Added:
   active/CVE-2016-10208
Removed:
   retired/CVE-2016-10208
Log:
Bring CVE-2016-10208 out of retirement as it still affects 3.2

Copied: active/CVE-2016-10208 (from rev 5725, retired/CVE-2016-10208)
===================================================================
--- active/CVE-2016-10208	                        (rev 0)
+++ active/CVE-2016-10208	2017-11-17 14:13:18 UTC (rev 5726)
@@ -0,0 +1,18 @@
+Description: ext4 memory corruption
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1023377
+ https://bugzilla.redhat.com/show_bug.cgi?id=1395190
+ http://www.spinics.net/lists/linux-ext4/msg54572.html
+Notes:
+ bwh> Initial upstream fix was too strict, causing a regression; see commit
+ bwh> 2ba3e6e8afc9 ("ext4: fix fencepost in s_first_meta_bg validation").
+ bwh> Bug was introduced in 3.6 by commit 952fc18ef9ec "ext4: fix overhead
+ bwh> calculation used by ext4_statfs()" but that was backported to 3.2.
+Bugs:
+upstream: released (4.10-rc1) [3a4b77cd47bb837b8557595ec7425f281f2ca1fe]
+4.9-upstream-stable: released (4.9.9) [13e6ef99d23b05807e7f8a72f45e3d8260b61570]
+3.16-upstream-stable: released (3.16.41) [cde863587b6809fdf61ea3c5391ecf06884b5516]
+3.2-upstream-stable: needed
+sid: released (4.9.10-1)
+3.16-jessie-security: released (3.16.43-1) [bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch]
+3.2-wheezy-security: needed
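
Review bot: The added note "but that was backported to 3.2" does not say which 3.2.y release picked up commit 952fc18ef9ec or give the id of the backport, so the two "needed" entries for 3.2-upstream-stable and 3.2-wheezy-security cannot be checked against a specific version. Suggest naming the 3.2.y release and the stable commit in the bwh> note, the way the released branch lines carry a version and a commit id.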

Deleted: retired/CVE-2016-10208
===================================================================
--- retired/CVE-2016-10208	2017-11-17 05:12:34 UTC (rev 5725)
+++ retired/CVE-2016-10208	2017-11-17 14:13:18 UTC (rev 5726)
@@ -1,16 +0,0 @@
-Description: ext4 memory corruption
-References:
- https://bugzilla.suse.com/show_bug.cgi?id=1023377
- https://bugzilla.redhat.com/show_bug.cgi?id=1395190
- http://www.spinics.net/lists/linux-ext4/msg54572.html
-Notes:
- bwh> Initial upstream fix was too strict, causing a regression; see commit
- bwh> 2ba3e6e8afc9 ("ext4: fix fencepost in s_first_meta_bg validation")
-Bugs:
-upstream: released (4.10-rc1) [3a4b77cd47bb837b8557595ec7425f281f2ca1fe]
-4.9-upstream-stable: released (4.9.9) [13e6ef99d23b05807e7f8a72f45e3d8260b61570]
-3.16-upstream-stable: released (3.16.41) [cde863587b6809fdf61ea3c5391ecf06884b5516]
-3.2-upstream-stable: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"
-sid: released (4.9.10-1)
-3.16-jessie-security: released (3.16.43-1) [bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch]
-3.2-wheezy-security: N/A "Introduced in 3.6-rc1 with 952fc18ef9ec707ebdc16c0786ec360295e5ff15"
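
Review bot: The removed N/A lines for 3.2-upstream-stable and 3.2-wheezy-security were the only place the full id 952fc18ef9ec707ebdc16c0786ec360295e5ff15 was recorded, and the active copy keeps only the 12-character abbreviation in its Notes. Suggest carrying the full id into the new note so the introducing commit stays unambiguous after this file is gone.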



