[kernel-sec-discuss] r5529 - active retired
Ben Hutchings
benh at moszumanska.debian.org
Thu Sep 7 15:58:18 UTC 2017
Author: benh
Date: 2017-09-07 15:58:17 +0000 (Thu, 07 Sep 2017)
New Revision: 5529
Added:
retired/CVE-2017-13693
retired/CVE-2017-13694
retired/CVE-2017-13695
Removed:
active/CVE-2017-13693
active/CVE-2017-13694
active/CVE-2017-13695
Modified:
active/CVE-2017-14106
active/CVE-2017-14140
active/CVE-2017-14156
active/CVE-2017-7558
Log:
Fill in missing status fields and retire non-issues
Deleted: active/CVE-2017-13693
===================================================================
--- active/CVE-2017-13693 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-13693 2017-09-07 15:58:17 UTC (rev 5529)
@@ -1,13 +0,0 @@
-Description:
-References:
- https://patchwork.kernel.org/patch/9919053/
-Notes:
-Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
Deleted: active/CVE-2017-13694
===================================================================
--- active/CVE-2017-13694 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-13694 2017-09-07 15:58:17 UTC (rev 5529)
@@ -1,13 +0,0 @@
-Description:
-References:
- https://patchwork.kernel.org/patch/9806085/
-Notes:
-Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
Deleted: active/CVE-2017-13695
===================================================================
--- active/CVE-2017-13695 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-13695 2017-09-07 15:58:17 UTC (rev 5529)
@@ -1,13 +0,0 @@
-Description:
-References:
- https://patchwork.kernel.org/patch/9850567/
-Notes:
-Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
Modified: active/CVE-2017-14106
===================================================================
--- active/CVE-2017-14106 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-14106 2017-09-07 15:58:17 UTC (rev 5529)
@@ -2,12 +2,14 @@
References:
https://groups.google.com/forum/#!topic/syzkaller/e4SrsEBEziQ
Notes:
+ bwh> This might not be possible in earlier versions, but it does look
+ bwh> plausible and the fix should have no effect if it's not possible.
Bugs:
upstream: released (4.12-rc3) [499350a5a6e7512d9ed369ed63a4244b6536f4f8]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: released (4.12.6-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
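Review bot: The added bwh> note says the issue "might not be possible in earlier versions" without naming those versions, while all six stable and security fields below it are set to needed. Stating which branches were not confirmed as reachable would tell whoever prepares the backports where to verify first.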
Modified: active/CVE-2017-14140
===================================================================
--- active/CVE-2017-14140 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-14140 2017-09-07 15:58:17 UTC (rev 5529)
@@ -4,9 +4,9 @@
Bugs:
upstream: released (4.13-rc6) [197e7e521384a23b9e585178f3f11c9fa08274b9]
4.9-upstream-stable: released (4.9.45) [61332dc598c3f223678b2d7192ccf3472c544799]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.12.10-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
Modified: active/CVE-2017-14156
===================================================================
--- active/CVE-2017-14156 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-14156 2017-09-07 15:58:17 UTC (rev 5529)
@@ -5,11 +5,11 @@
https://marc.info/?l=linux-kernel&m=150453196710422&w=2
Notes:
Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
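Review bot: Notes: stays empty on the context line above while every field, including upstream and sid, goes to needed. The reference visible in this hunk is a mailing list post, so a one-line note saying that no fix commit exists upstream yet would explain why upstream is needed rather than released.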
Modified: active/CVE-2017-7558
===================================================================
--- active/CVE-2017-7558 2017-09-07 07:54:30 UTC (rev 5528)
+++ active/CVE-2017-7558 2017-09-07 15:58:17 UTC (rev 5529)
@@ -6,13 +6,14 @@
carnil> proposed patch in https://marc.info/?l=linux-netdev&m=150348777122761&w=2
carnil> the bug is said to be present from 4.7-rc1 on wards, but needs to be
carnil> checked if we have otherwise backport the issue
+ bwh> The sctp_diag code was added in 4.7 and we did not backport it.
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1480266
upstream: released (4.13) [ee6c88bb754e3d363e568da78086adfedb692447]
4.9-upstream-stable: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
sid: needed
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
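Review bot: The new bwh> line says "we did not backport it" without naming branches, and it is the only justification for the four N/A fields on the 3.16 and 3.2 lines. Wording it as not backported to 3.16 or 3.2 would make the note self-contained and would visibly close the open question left in the carnil> lines above it.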
Copied: retired/CVE-2017-13693 (from rev 5528, active/CVE-2017-13693)
===================================================================
--- retired/CVE-2017-13693 (rev 0)
+++ retired/CVE-2017-13693 2017-09-07 15:58:17 UTC (rev 5529)
@@ -0,0 +1,15 @@
+Description: Invalid ACPI table triggers warning
+References:
+ https://patchwork.kernel.org/patch/9919053/
+Notes:
+ bwh> This is not a security issue, since ACPI tables must already be
+ bwh> trusted.
+Bugs:
+upstream: ignored "Not a security issue"
+4.9-upstream-stable: ignored "Not a security issue"
+3.16-upstream-stable: ignored "Not a security issue"
+3.2-upstream-stable: ignored "Not a security issue"
+sid: ignored "Not a security issue"
+4.9-stretch-security: ignored "Not a security issue"
+3.16-jessie-security: ignored "Not a security issue"
+3.2-wheezy-security: ignored "Not a security issue"
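Review bot: The Description and the bwh> note in this file are word for word the same as in retired/CVE-2017-13694 and retired/CVE-2017-13695; only the patchwork URL under References differs. Naming the ACPI code path or the warning each CVE refers to in its Description would keep the three retired entries distinguishable without following the links.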
Copied: retired/CVE-2017-13694 (from rev 5528, active/CVE-2017-13694)
===================================================================
--- retired/CVE-2017-13694 (rev 0)
+++ retired/CVE-2017-13694 2017-09-07 15:58:17 UTC (rev 5529)
@@ -0,0 +1,15 @@
+Description: Invalid ACPI table triggers warning
+References:
+ https://patchwork.kernel.org/patch/9806085/
+Notes:
+ bwh> This is not a security issue, since ACPI tables must already be
+ bwh> trusted.
+Bugs:
+upstream: ignored "Not a security issue"
+4.9-upstream-stable: ignored "Not a security issue"
+3.16-upstream-stable: ignored "Not a security issue"
+3.2-upstream-stable: ignored "Not a security issue"
+sid: ignored "Not a security issue"
+4.9-stretch-security: ignored "Not a security issue"
+3.16-jessie-security: ignored "Not a security issue"
+3.2-wheezy-security: ignored "Not a security issue"
Copied: retired/CVE-2017-13695 (from rev 5528, active/CVE-2017-13695)
===================================================================
--- retired/CVE-2017-13695 (rev 0)
+++ retired/CVE-2017-13695 2017-09-07 15:58:17 UTC (rev 5529)
@@ -0,0 +1,15 @@
+Description: Invalid ACPI table triggers warning
+References:
+ https://patchwork.kernel.org/patch/9850567/
+Notes:
+ bwh> This is not a security issue, since ACPI tables must already be
+ bwh> trusted.
+Bugs:
+upstream: ignored "Not a security issue"
+4.9-upstream-stable: ignored "Not a security issue"
+3.16-upstream-stable: ignored "Not a security issue"
+3.2-upstream-stable: ignored "Not a security issue"
+sid: ignored "Not a security issue"
+4.9-stretch-security: ignored "Not a security issue"
+3.16-jessie-security: ignored "Not a security issue"
+3.2-wheezy-security: ignored "Not a security issue"