[linux] 01/01: Merge tag 'debian/4.9.65-3+deb9u1' into jessie-backports

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sat Dec 23 21:25:46 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie-backports
in repository linux.

commit da84bdb0c9ac5cf2be7fc180dc0853bf9abd3c51
Merge: a700b41 e7f8080
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sat Dec 23 04:46:50 2017 +0000

    Merge tag 'debian/4.9.65-3+deb9u1' into jessie-backports
    
    Release linux (4.9.65-3+deb9u1).

 debian/changelog                                   |  48 +++++++
 ...vent-stack-info-leak-from-the-efs-element.patch |  48 +++++++
 ...-adjust-insn_aux_data-when-patching-insns.patch |  93 ++++++++++++
 .../bugfix/all/bpf-fix-branch-pruning-logic.patch  | 111 +++++++++++++++
 ...-incorrect-sign-extension-in-check_alu_op.patch |  50 +++++++
 ...t-out-of-bounds-stack-pointer-calculation.patch |  53 +++++++
 ...s_equal-comparison-of-pointer-and-unknown.patch |  36 +++++
 ...-require-that-the-underlying-hash-algorit.patch | 142 +++++++++++++++++++
 ...ypto-salsa20-fix-blkcipher_walk-API-usage.patch |  84 +++++++++++
 ...cve-2017-8824-use-after-free-in-dccp-code.patch |  38 +++++
 ...ssing-permission-check-for-request_key-de.patch | 157 +++++++++++++++++++++
 ...ix-stack-out-of-bounds-read-in-write_mmio.patch | 154 ++++++++++++++++++++
 ...sb-v2-lmedm04-Improve-logic-checking-of-w.patch |  83 +++++++++++
 ...sb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch |  67 +++++++++
 ...-fix-an-error-handling-path-in-hdpvr_prob.patch |  98 +++++++++++++
 ...4-fix-for-a-race-condition-in-raw_sendmsg.patch |  71 ++++++++++
 ...fnetlink_cthelper-add-missing-permission-.patch |  74 ++++++++++
 ...lter-xt_osf-add-missing-permission-checks.patch |  56 ++++++++
 .../all/netlink-add-netns-check-on-taps.patch      |  39 +++++
 ...prevent-malicious-bnuminterfaces-overflow.patch |  44 ++++++
 ...emove-i-o-port-0x80-bypass-on-intel-hosts.patch |  47 ++++++
 debian/patches/series                              |  20 +++
 22 files changed, 1613 insertions(+)

diff --cc debian/changelog
index ee24c97,7b3f009..ace98b8
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,17 -1,37 +1,65 @@@
++linux (4.9.65-3+deb9u1~bpo8+1) jessie-backports; urgency=medium
++
++  * Rebuild for jessie-backports:
++    - Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
++      xserver-xorg-input-vmmouse and several metapackages in jessie
++    - Revert changes to use gcc-6 compiler, not found in jessie
++    - Change ABI number to 0.bpo.4
++    - Revert changes to flex and asciidoc build-dependencies
++    - linux-image-dbg: Revert changes to packaging of debug symbols
++    - Revert "enable `perf data' support" as libbabeltrace is not available
++    - [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
++
++ -- Ben Hutchings <ben at decadent.org.uk>  Sat, 23 Dec 2017 04:47:27 +0000
++
+ linux (4.9.65-3+deb9u1) stretch-security; urgency=high
+ 
+   * dccp: CVE-2017-8824: use-after-free in DCCP code
+   * media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
+     (CVE-2017-16538)
+   * media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
+     (CVE-2017-16538)
+   * media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
+   * bpf/verifier: Fix multiple security issues:
+     - adjust insn_aux_data when patching insns
+     - fix branch pruning logic
+     - reject out-of-bounds stack pointer calculation
+     - fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
+     - Fix states_equal() comparison of pointer and UNKNOWN
+   * netfilter: nfnetlink_cthelper: Add missing permission checks
+     (CVE-2017-17448)
+   * netlink: Add netns check on taps (CVE-2017-17449)
+   * netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
+   * USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
+   * net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
+   * [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
+     (CVE-2017-17741)
+   * crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
+   * crypto: hmac - require that the underlying hash algorithm is unkeyed
+     (CVE-2017-17806)
+   * KEYS: add missing permission check for request_key() destination
+     (CVE-2017-17807)
+   * [x86]  KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
+     (CVE-2017-1000407)
+   * bluetooth: Prevent stack info leak from the EFS element.
+     (CVE-2017-1000410)
+ 
+  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 23 Dec 2017 00:39:51 +0000
+ 
 +linux (4.9.65-3~bpo8+1) jessie-backports; urgency=medium
 +
 +  * Rebuild for jessie-backports:
 +    - Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
 +      xserver-xorg-input-vmmouse and several metapackages in jessie
 +    - Revert changes to use gcc-6 compiler, not found in jessie
 +    - Change ABI number to 0.bpo.4
 +    - Revert changes to flex and asciidoc build-dependencies
 +    - linux-image-dbg: Revert changes to packaging of debug symbols
 +    - Revert "enable `perf data' support" as libbabeltrace is not available
 +    - [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
 +
 + -- Ben Hutchings <ben at decadent.org.uk>  Sat, 09 Dec 2017 01:41:29 +0000
 +
  linux (4.9.65-3) stretch; urgency=medium
  
    [ Salvatore Bonaccorso ]

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list