[kernel-sec-discuss] r5560 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Sep 18 03:01:29 UTC 2017


Author: benh
Date: 2017-09-18 03:01:29 +0000 (Mon, 18 Sep 2017)
New Revision: 5560

Modified:
   active/CVE-2017-1000251
   active/CVE-2017-1000252
   active/CVE-2017-12134
   active/CVE-2017-12146
   active/CVE-2017-12153
   active/CVE-2017-12154
   active/CVE-2017-14051
   active/CVE-2017-14106
   active/CVE-2017-14140
   active/CVE-2017-14156
   active/CVE-2017-14340
   active/CVE-2017-14489
   active/CVE-2017-14497
   active/CVE-2017-7558
Log:
Mark issues pending for stretch

Modified: active/CVE-2017-1000251
===================================================================
--- active/CVE-2017-1000251	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-1000251	2017-09-18 03:01:29 UTC (rev 5560)
@@ -12,6 +12,6 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: pending (4.12.12-3) [bugfix/all/Bluetooth-Properly-check-L2CAP-config-option-output-.patch]
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]

Modified: active/CVE-2017-1000252
===================================================================
--- active/CVE-2017-1000252	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-1000252	2017-09-18 03:01:29 UTC (rev 5560)
@@ -11,6 +11,6 @@
 3.16-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with efc644048ecde54f016011fe10110addd0de348f"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with efc644048ecde54f016011fe10110addd0de348f"
 sid: needed
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch]
 3.16-jessie-security: N/A 'Vulnerable code not present"
 3.2-wheezy-security: N/A 'Vulnerable code not present"
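
Review bot: The two N/A context lines for 3.16-jessie-security and 3.2-wheezy-security open their reason with a single quote and close it with a double quote ('Vulnerable code not present"), unlike the double-quoted reasons on the upstream-stable lines above them. Since this file is being touched in this revision, normalise both to "Vulnerable code not present" so that anything parsing the quoted reason reads them the same way as the other entries.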

Modified: active/CVE-2017-12134
===================================================================
--- active/CVE-2017-12134	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-12134	2017-09-18 03:01:29 UTC (rev 5560)
@@ -8,6 +8,6 @@
 3.16-upstream-stable: released (3.16.48) [f664b0113d2bb8d4bcdf5d03b72eb4c433ded452]
 3.2-upstream-stable: released (3.2.93) [33bab9221e22bab4ddc167f6c49b6ca9c35c2ccf]
 sid: released (4.12.12-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/xen-fix-bio-vec-merging.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/xen-fix-bio-vec-merging.patch]
 3.2-wheezy-security: pending (3.2.93-1)

Modified: active/CVE-2017-12146
===================================================================
--- active/CVE-2017-12146	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-12146	2017-09-18 03:01:29 UTC (rev 5560)
@@ -8,6 +8,6 @@
 3.16-upstream-stable: N/A "Vulnerable code introduced in 3.17-rc1 with 3d713e0e382e6fcfb4bba1501645b66c129ad60b"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 3.17-rc1 with 3d713e0e382e6fcfb4bba1501645b66c129ad60b"
 sid: released (4.11.11-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/driver-core-platform-fix-race-condition-with-driver_.patch]
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-12153
===================================================================
--- active/CVE-2017-12153	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-12153	2017-09-18 03:01:29 UTC (rev 5560)
@@ -11,6 +11,6 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: needed
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]

Modified: active/CVE-2017-12154
===================================================================
--- active/CVE-2017-12154	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-12154	2017-09-18 03:01:29 UTC (rev 5560)
@@ -11,6 +11,6 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: needed
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]

Modified: active/CVE-2017-14051
===================================================================
--- active/CVE-2017-14051	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14051	2017-09-18 03:01:29 UTC (rev 5560)
@@ -9,6 +9,6 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: pending (4.12.12-3) [bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch]
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-14106
===================================================================
--- active/CVE-2017-14106	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14106	2017-09-18 03:01:29 UTC (rev 5560)
@@ -10,6 +10,6 @@
 3.16-upstream-stable: released (3.16.48) [32cb2d4a59d0512aa825e7f0352f66063482cc07]
 3.2-upstream-stable: released (3.2.93) [16a0303d3f6b222044de5d33c01cbdf590050473]
 sid: released (4.12.6-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/tcp-initialize-rcv_mss-to-tcp_min_mss-instead-of-0.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/tcp-initialize-rcv_mss-to-tcp_min_mss-instead-of-0.patch]
 3.2-wheezy-security: pending (3.2.93-1)

Modified: active/CVE-2017-14140
===================================================================
--- active/CVE-2017-14140	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14140	2017-09-18 03:01:29 UTC (rev 5560)
@@ -7,6 +7,6 @@
 3.16-upstream-stable: released (3.16.48) [b5a16892623afec2d3212b963dd688b258002b4b]
 3.2-upstream-stable: released (3.2.93) [a9a659c916c81b3385479ee00d4547912f08abf6]
 sid: released (4.12.12-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/sanitize-move_pages-permission-checks.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/sanitize-move_pages-permission-checks.patch]
 3.2-wheezy-security: pending (3.2.93-1)

Modified: active/CVE-2017-14156
===================================================================
--- active/CVE-2017-14156	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14156	2017-09-18 03:01:29 UTC (rev 5560)
@@ -10,6 +10,6 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: needed
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]

Modified: active/CVE-2017-14340
===================================================================
--- active/CVE-2017-14340	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14340	2017-09-18 03:01:29 UTC (rev 5560)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.12-3) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch] needed
-4.9-stretch-security: needed
+sid: pending (4.12.12-3) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
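
Review bot: The new 4.9-stretch-security line names the patch xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch, copying sid's mixed-case name, whereas the jessie and wheezy lines below use the lowercased xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch, and other stretch entries in this revision (for example CVE-2017-1000251 and CVE-2017-14051) follow the lowercase form. Please confirm which file name exists in the stretch branch and correct the reference if needed. The hunk also drops a stray trailing "needed" from the sid line, which the log message does not mention; a word about that cleanup in the log would help.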

Modified: active/CVE-2017-14489
===================================================================
--- active/CVE-2017-14489	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14489	2017-09-18 03:01:29 UTC (rev 5560)
@@ -12,6 +12,6 @@
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: needed
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]

Modified: active/CVE-2017-14497
===================================================================
--- active/CVE-2017-14497	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-14497	2017-09-18 03:01:29 UTC (rev 5560)
@@ -10,6 +10,6 @@
 3.16-upstream-stable: N/A "Vulnerable code introduced later"
 3.2-upstream-stable: N/A "Vulnerable code introduced later"
 sid: needed
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/packet-don-t-write-vnet-header-beyond-end-of-buffer.patch]
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-7558
===================================================================
--- active/CVE-2017-7558	2017-09-18 02:27:16 UTC (rev 5559)
+++ active/CVE-2017-7558	2017-09-18 03:01:29 UTC (rev 5560)
@@ -14,6 +14,6 @@
 3.16-upstream-stable: N/A "Vulnerable code not present"
 3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: pending (4.12.12-3) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"
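
Review bot: The 4.9-stretch-security patch reference keeps sid's capitalised name, sctp-Avoid-out-of-bounds-reads-from-address-storage.patch, while other stretch entries in this revision that share a fix with sid use a lowercased file name (compare CVE-2017-1000251 and CVE-2017-14051). Check the name against the file in the stretch branch, since a wrong case would leave the tracker pointing at a path that does not exist.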



