[kernel-sec-discuss] [Git][kernel-team/kernel-sec][master] Mark three CVEs as pending for 4.9.82-1+deb9u1

Salvatore Bonaccorso gitlab at salsa.debian.org
Thu Feb 22 09:36:48 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian kernel team / kernel-sec


Commits:
e08fdbd1 by Salvatore Bonaccorso at 2018-02-22T10:35:18+01:00
Mark three CVEs as pending for 4.9.82-1+deb9u1

4.9.82-1+deb9u1 is the version including the fixes in the git repository
including those fixes.

Marking as well CVE-2017-5715 as fixed following the strategy used for
sid. The upload enforces a compiler with retpoline support thus making
the mitigation effectinve.

- - - - -


3 changed files:

- active/CVE-2017-13166
- active/CVE-2017-5715
- active/CVE-2018-5750


Changes:

=====================================
active/CVE-2017-13166
=====================================
--- a/active/CVE-2017-13166
+++ b/active/CVE-2017-13166
@@ -13,6 +13,6 @@ upstream: released (4.16-rc1) [b2469c814fbc8f1f19676dd4912717b798df511e, 181a4a2
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: released (4.15.4-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.82-1+deb9u1)
 3.16-jessie-security: needed
 3.2-wheezy-security: needed


=====================================
active/CVE-2017-5715
=====================================
--- a/active/CVE-2017-5715
+++ b/active/CVE-2017-5715
@@ -16,12 +16,14 @@ Notes:
  carnil> branch accordingly.
  carnil> 4.14.17-1 upload enforces a dependency on the used compiler
  carnil> with retpoline support.
+ carnil> 4.9.82-1+deb9u1 upload enforces a dependency on the used
+ carnil> compiler with retpoline support.
 Bugs:
 upstream: released (4.15-rc8)
 4.9-upstream-stable: released (4.9.77)
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: released (4.14.17-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.82-1+deb9u1)
 3.16-jessie-security: needed
 3.2-wheezy-security: needed


=====================================
active/CVE-2018-5750
=====================================
--- a/active/CVE-2018-5750
+++ b/active/CVE-2018-5750
@@ -8,6 +8,6 @@ upstream: released (4.16-rc1) [43cdd1b716b26f6af16da4e145b6578f98798bf6]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: released (4.15.4-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.82-1+deb9u1)
 3.16-jessie-security: needed
 3.2-wheezy-security: needed



View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/commit/e08fdbd1830a50175170d1449ee06360514f8d34

---
View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/commit/e08fdbd1830a50175170d1449ee06360514f8d34
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/kernel-sec-discuss/attachments/20180222/ee6c3bd3/attachment-0001.html>

More information about the kernel-sec-discuss mailing list