[kernel-sec-discuss] r5562 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Sep 19 04:30:04 UTC 2017 

Author: carnil
Date: 2017-09-19 04:30:03 +0000 (Tue, 19 Sep 2017)
New Revision: 5562

Modified:
   active/CVE-2017-1000251
   active/CVE-2017-1000252
   active/CVE-2017-12153
   active/CVE-2017-12154
   active/CVE-2017-14051
   active/CVE-2017-14156
   active/CVE-2017-14340
   active/CVE-2017-14489
   active/CVE-2017-14497
   active/CVE-2017-7558
Log:
Mark 4.12.13-1 as released for sid

Modified: active/CVE-2017-1000251
===================================================================
--- active/CVE-2017-1000251	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-1000251	2017-09-19 04:30:03 UTC (rev 5562)
@@ -11,7 +11,7 @@
 4.9-upstream-stable: released (4.9.50) [6300c8bfafe032187f3cbaa43dbf7d306650c5ed]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1)
+sid: released (4.12.13-1)
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]

Modified: active/CVE-2017-1000252
===================================================================
--- active/CVE-2017-1000252	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-1000252	2017-09-19 04:30:03 UTC (rev 5562)
@@ -10,7 +10,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with efc644048ecde54f016011fe10110addd0de348f"
 3.2-upstream-stable: N/A "Vulnerable code introduced in 4.4-rc1 with efc644048ecde54f016011fe10110addd0de348f"
-sid: pending (4.12.13-1) [bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch]
+sid: released (4.12.13-1) [bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch]
 3.16-jessie-security: N/A 'Vulnerable code not present"
 3.2-wheezy-security: N/A 'Vulnerable code not present"

Modified: active/CVE-2017-12153
===================================================================
--- active/CVE-2017-12153	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-12153	2017-09-19 04:30:03 UTC (rev 5562)
@@ -10,7 +10,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+sid: released (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]

Modified: active/CVE-2017-12154
===================================================================
--- active/CVE-2017-12154	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-12154	2017-09-19 04:30:03 UTC (rev 5562)
@@ -10,7 +10,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+sid: released (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]

Modified: active/CVE-2017-14051
===================================================================
--- active/CVE-2017-14051	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-14051	2017-09-19 04:30:03 UTC (rev 5562)
@@ -8,7 +8,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1) [bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch]
+sid: released (4.12.13-1) [bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch]
 3.2-wheezy-security: needed

Modified: active/CVE-2017-14156
===================================================================
--- active/CVE-2017-14156	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-14156	2017-09-19 04:30:03 UTC (rev 5562)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+sid: released (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]

Modified: active/CVE-2017-14340
===================================================================
--- active/CVE-2017-14340	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-14340	2017-09-19 04:30:03 UTC (rev 5562)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1)
+sid: released (4.12.13-1)
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]

Modified: active/CVE-2017-14489
===================================================================
--- active/CVE-2017-14489	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-14489	2017-09-19 04:30:03 UTC (rev 5562)
@@ -11,7 +11,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
-sid: pending (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
 3.2-wheezy-security: pending (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]

Modified: active/CVE-2017-14497
===================================================================
--- active/CVE-2017-14497	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-14497	2017-09-19 04:30:03 UTC (rev 5562)
@@ -9,7 +9,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code introduced later"
 3.2-upstream-stable: N/A "Vulnerable code introduced later"
-sid: pending (4.12.13-1) [bugfix/all/packet-don-t-write-vnet-header-beyond-end-of-buffer.patch]
+sid: released (4.12.13-1) [bugfix/all/packet-don-t-write-vnet-header-beyond-end-of-buffer.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/packet-don-t-write-vnet-header-beyond-end-of-buffer.patch]
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-7558
===================================================================
--- active/CVE-2017-7558	2017-09-18 23:49:39 UTC (rev 5561)
+++ active/CVE-2017-7558	2017-09-19 04:30:03 UTC (rev 5562)
@@ -13,7 +13,7 @@
 4.9-upstream-stable: needed
 3.16-upstream-stable: N/A "Vulnerable code not present"
 3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.12.13-1) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
+sid: released (4.12.13-1) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
 4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
 3.16-jessie-security: N/A "Vulnerable code not present"
 3.2-wheezy-security: N/A "Vulnerable code not present"

More information about the kernel-sec-discuss mailing list