[kernel-sec-discuss] r5623 - active
Ben Hutchings
benh at moszumanska.debian.org
Sun Oct 8 16:11:20 UTC 2017
Author: benh
Date: 2017-10-08 16:11:20 +0000 (Sun, 08 Oct 2017)
New Revision: 5623
Modified:
active/CVE-2017-14991
Log:
Fill in status of CVE-2017-14991
Modified: active/CVE-2017-14991
===================================================================
--- active/CVE-2017-14991 2017-10-08 15:29:25 UTC (rev 5622)
+++ active/CVE-2017-14991 2017-10-08 16:11:20 UTC (rev 5623)
@@ -1,12 +1,15 @@
Description: scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
References:
Notes:
+ bwh> Introduced in 4.12-rc1 by commit 109bade9c62 "scsi: sg: use standard
+ bwh> lists for sg_requests". This was backported to some stable branches,
+ bwh> but I'm not sure why. We might want to take both commits.
Bugs:
upstream: released (4.14-rc2) [3e0097499839e0fe3af380410eababe5a47c4cf9]
4.9-upstream-stable: released (4.9.53) [90cb12f6dc5ac45c51082721ec5bbe18850cf80f]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (4.13.4-1)
-4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
More information about the kernel-sec-discuss
mailing list