[kernel-sec-discuss] r5624 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Oct 8 16:14:06 UTC 2017 

Author: benh
Date: 2017-10-08 16:14:06 +0000 (Sun, 08 Oct 2017)
New Revision: 5624

Modified:
   active/CVE-2017-1000251
   active/CVE-2017-12153
   active/CVE-2017-12154
   active/CVE-2017-14156
   active/CVE-2017-14340
   active/CVE-2017-14489
   active/CVE-2017-8831
Log:
Mark issues pending in 3.{2,16}-upstream-stable

Modified: active/CVE-2017-1000251
===================================================================
--- active/CVE-2017-1000251	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-1000251	2017-10-08 16:14:06 UTC (rev 5624)
@@ -9,8 +9,8 @@
 Bugs:
 upstream: released (4.14-rc1) [e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3]
 4.9-upstream-stable: released (4.9.50) [6300c8bfafe032187f3cbaa43dbf7d306650c5ed]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [bluetooth-properly-check-l2cap-config-option-output-buffer-length.patch]
+3.2-upstream-stable: pending (3.2.94) [bluetooth-properly-check-l2cap-config-option-output-buffer-length.patch]
 sid: released (4.12.13-1)
 4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]

Modified: active/CVE-2017-12153
===================================================================
--- active/CVE-2017-12153	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-12153	2017-10-08 16:14:06 UTC (rev 5624)
@@ -8,8 +8,8 @@
 Bugs:
 upstream: released (4.14-rc2) [e785fa0a164aa11001cba931367c7f94ffaff888]
 4.9-upstream-stable: released (4.9.53) [c820441a7a52e3626aede8df94069a50a9e4efdb]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [nl80211-check-for-the-required-netlink-attributes-presence.patch]
+3.2-upstream-stable: pending (3.2.94) [nl80211-check-for-the-required-netlink-attributes-presence.patch]
 sid: released (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]

Modified: active/CVE-2017-12154
===================================================================
--- active/CVE-2017-12154	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-12154	2017-10-08 16:14:06 UTC (rev 5624)
@@ -8,8 +8,8 @@
  https://bugzilla.redhat.com/show_bug.cgi?id=1491224
 upstream: released (4.14-rc1) [51aa68e7d57e3217192d88ce90fd5b8ef29ec94f]
 4.9-upstream-stable: released (4.9.53) [86ef97b2dfd504fbc65f6b244a422db0c1b15797]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+3.2-upstream-stable: pending (3.2.94) [kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 sid: released (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]

Modified: active/CVE-2017-14156
===================================================================
--- active/CVE-2017-14156	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-14156	2017-10-08 16:14:06 UTC (rev 5624)
@@ -7,8 +7,8 @@
 Bugs:
 upstream: released (4.14-rc1) [8e75f7a7a00461ef6d91797a60b606367f6e344d]
 4.9-upstream-stable: released (4.9.53) [64afde6f956dfcb719e329a9d2098b53e68d2755]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [video-fbdev-aty-do-not-leak-uninitialized-padding-in-clk-to.patch]
+3.2-upstream-stable: pending (3.2.94) [video-fbdev-aty-do-not-leak-uninitialized-padding-in-clk-to.patch]
 sid: released (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]

Modified: active/CVE-2017-14340
===================================================================
--- active/CVE-2017-14340	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-14340	2017-10-08 16:14:06 UTC (rev 5624)
@@ -7,8 +7,8 @@
 Bugs:
 upstream: released (4.14-rc1) [b31ff3cdf540110da4572e3e29bd172087af65cc]
 4.9-upstream-stable: released (4.9.50) [5b82e0e938af5d9dfb038e2483cb2a84e24584fd]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-device-present.patch]
+3.2-upstream-stable: pending (3.2.94) [xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-device-present.patch]
 sid: released (4.12.13-1)
 4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]

Modified: active/CVE-2017-14489
===================================================================
--- active/CVE-2017-14489	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-14489	2017-10-08 16:14:06 UTC (rev 5624)
@@ -16,8 +16,8 @@
 Bugs:
 upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b]
 4.9-upstream-stable: released (4.9.53) [b42bf0f15cf70926f3a460e7517703fda6191ba7]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [scsi-scsi_transport_iscsi-fix-the-issue-that-iscsi_if_rx-doesn-t.patch]
+3.2-upstream-stable: pending (3.2.94) [scsi-scsi_transport_iscsi-fix-the-issue-that-iscsi_if_rx-doesn-t.patch]
 sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]

Modified: active/CVE-2017-8831
===================================================================
--- active/CVE-2017-8831	2017-10-08 16:11:20 UTC (rev 5623)
+++ active/CVE-2017-8831	2017-10-08 16:14:06 UTC (rev 5624)
@@ -7,8 +7,8 @@
  https://bugzilla.kernel.org/show_bug.cgi?id=195559
 upstream: released (4.13-rc1) [6fb05e0dd32e566facb96ea61a48c7488daa5ac3]
 4.9-upstream-stable: released (4.9.42) [12d17d78e3f74b5022f61eee7d6de082e472a401]
-3.16-upstream-stable: needed
-3.2-upstream-stable: needed
+3.16-upstream-stable: pending (3.16.49) [saa7164-fix-double-fetch-pcie-access-condition.patch]
+3.2-upstream-stable: pending (3.2.94) [saa7164-fix-double-fetch-pcie-access-condition.patch]
 sid: released (4.12.6-1)
 4.9-stretch-security: released (4.9.47-1)
 3.16-jessie-security: needed

More information about the kernel-sec-discuss mailing list