[linux] branch jessie-security updated (08a4215 -> 54fe5e5)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Mar 14 14:16:58 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a change to branch jessie-security
in repository linux.

      from  08a4215   Prepare to release linux (3.16.39-1+deb8u2).
       new  a59d773   timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
       new  57753e8   mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
       new  0a86879   mnt: Add a per mount namespace limit on the number of mounts (CVE-2016-6213)
       new  ccfdfd2   vfs: Commit to never having executables on proc and sysfs
       new  51c19d7   aio: mark AIO pseudo-fs noexec (CVE-2016-10044)
       new  71b7929   l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (CVE-2016-10200)
       new  54fe5e5   ext4: validate s_first_meta_bg at mount time (CVE-2016-10208)

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog                                   |  13 +
 .../bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch |  58 +++++
 ...t4-validate-s_first_meta_bg-at-mount-time.patch |  65 +++++
 ...cy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch | 161 +++++++++++++
 ...tarting-iteration-in-mb_cache_entry_alloc.patch |  22 ++
 ...er-mount-namespace-limit-on-the-number-of.patch | 268 +++++++++++++++++++++
 ...rict-timer_stats-to-initial-pid-namespace.patch |  37 +++
 ...to-never-having-exectuables-on-proc-and-s.patch | 183 ++++++++++++++
 .../vfs-fix-abi-change-for-cve-2016-6213-fix.patch |  23 ++
 debian/patches/series                              |   8 +
 10 files changed, 838 insertions(+)
 create mode 100644 debian/patches/bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch
 create mode 100644 debian/patches/bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch
 create mode 100644 debian/patches/bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch
 create mode 100644 debian/patches/bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
 create mode 100644 debian/patches/bugfix/all/mnt-add-a-per-mount-namespace-limit-on-the-number-of.patch
 create mode 100644 debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
 create mode 100644 debian/patches/bugfix/all/vfs-commit-to-never-having-exectuables-on-proc-and-s.patch
 create mode 100644 debian/patches/debian/vfs-fix-abi-change-for-cve-2016-6213-fix.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list