[kernel-sec-discuss] r5643 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Oct 12 11:38:07 UTC 2017 

Author: carnil
Date: 2017-10-12 11:38:07 +0000 (Thu, 12 Oct 2017)
New Revision: 5643

Added:
   retired/CVE-2017-14991
Removed:
   active/CVE-2017-14991
Log:
Retire CVE-2017-14991

Deleted: active/CVE-2017-14991
===================================================================
--- active/CVE-2017-14991	2017-10-12 11:36:19 UTC (rev 5642)
+++ active/CVE-2017-14991	2017-10-12 11:38:07 UTC (rev 5643)
@@ -1,16 +0,0 @@
-Description: scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
-References:
-Notes:
- bwh> Introduced in 4.12-rc1 by commit 109bade9c62 "scsi: sg: use standard
- bwh> lists for sg_requests". This was backported to some stable branches,
- bwh> but I'm not sure why. We might want to take both commits.
- carnil> For 4.9-upstream stable this was in 4.9.52.
-Bugs:
-upstream: released (4.14-rc2) [3e0097499839e0fe3af380410eababe5a47c4cf9]
-4.9-upstream-stable: released (4.9.53) [90cb12f6dc5ac45c51082721ec5bbe18850cf80f]
-3.16-upstream-stable: N/A "Vulnerable code introduced later"
-3.2-upstream-stable: N/A "Vulnerable code introduced later"
-sid: released (4.13.4-1)
-4.9-stretch-security: N/A "Vulnerable code introduced later"
-3.16-jessie-security: N/A "Vulnerable code introduced later"
-3.2-wheezy-security: N/A "Vulnerable code introduced later"

Copied: retired/CVE-2017-14991 (from rev 5642, active/CVE-2017-14991)
===================================================================
--- retired/CVE-2017-14991	                        (rev 0)
+++ retired/CVE-2017-14991	2017-10-12 11:38:07 UTC (rev 5643)
@@ -0,0 +1,16 @@
+Description: scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
+References:
+Notes:
+ bwh> Introduced in 4.12-rc1 by commit 109bade9c62 "scsi: sg: use standard
+ bwh> lists for sg_requests". This was backported to some stable branches,
+ bwh> but I'm not sure why. We might want to take both commits.
+ carnil> For 4.9-upstream stable this was in 4.9.52.
+Bugs:
+upstream: released (4.14-rc2) [3e0097499839e0fe3af380410eababe5a47c4cf9]
+4.9-upstream-stable: released (4.9.53) [90cb12f6dc5ac45c51082721ec5bbe18850cf80f]
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (4.13.4-1)
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"

More information about the kernel-sec-discuss mailing list