[linux] branch jessie-backports updated (57c8c7e -> 943dfbb)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Thu Sep 28 17:18:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a change to branch jessie-backports
in repository linux.
from 57c8c7e Merge tag 'debian/4.9.30-2+deb9u2' into jessie-backports
adds 3046d0a [x86] drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (CVE-2017-7346)
adds 8eafcab rxrpc: Fix several cases where a padded len isn't checked in ticket decode (CVE-2017-7482)
adds 7aaeb81 brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (CVE-2017-7541)
adds e3ef297 ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
adds 81326d3 [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
adds 882fc3b drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
adds 6fa619c xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
adds 162d277 mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
adds 2e52ae7 fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
adds 7c1804a dentry name snapshots (CVE-2017-7533)
adds 7f983da Prepare to release linux (4.9.30-2+deb9u3).
adds 43ff539 [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
adds 69821fc binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370, CVE-2017-1000371)
adds 6d8e5bf Add fixes for CVE-2017-1000380
adds af0165b xfrm: policy: check policy direction value (CVE-2017-11600)
adds cad5bfa packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
adds 91c6faa udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
adds 7e7c3ca Add various security fixes
adds af58409 Add Debian bug # for CVE-2017-1000251
adds b25378b Prepare to release linux (4.9.30-2+deb9u4).
adds 35df1e4 [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)
new 943dfbb Merge tag 'debian/4.9.30-2+deb9u5' into jessie-backports
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 73 +++++
...-timer-fix-missing-queue-indices-reset-at.patch | 52 +++
...lsa-timer-fix-race-between-read-and-ioctl.patch | 69 ++++
...nfmt_elf-use-elf_et_dyn_base-only-for-pie.patch | 167 ++++++++++
...roperly-check-l2cap-config-option-output-.patch | 353 +++++++++++++++++++++
...x-possible-buffer-overflow-in-brcmf_cfg80.patch | 46 +++
.../patches/bugfix/all/dentry-name-snapshots.patch | 228 +++++++++++++
...-platform-fix-race-condition-with-driver_.patch | 59 ++++
...don-t-leak-bo-on-drm_gem_object_init-fail.patch | 35 ++
.../fs-exec.c-account-for-argv-envp-pointers.patch | 90 ++++++
...overflow-of-offset-in-ip6_find_1stfragopt.patch | 55 ++++
...-use-consistent-conditional-judgement-for.patch | 38 +++
...86_64-and-arm64-elf_et_dyn_base-base-chan.patch | 60 ++++
...eue-fix-a-use-after-free-in-sys_mq_notify.patch | 50 +++
...-the-required-netlink-attributes-presence.patch | 36 +++
...-t-write-vnet-header-beyond-end-of-buffer.patch | 68 ++++
...et-fix-tp_reserve-race-in-packet_set_ring.patch | 46 +++
...everal-cases-where-a-padded-len-isn-t-che.patch | 206 ++++++++++++
.../sanitize-move_pages-permission-checks.patch | 71 +++++
...-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch | 55 ++++
...xxx-fix-an-integer-overflow-in-sysfs-code.patch | 58 ++++
...-out-of-bounds-reads-from-address-storage.patch | 184 +++++++++++
...alize-rcv_mss-to-tcp_min_mss-instead-of-0.patch | 35 ++
...p-consistently-apply-ufo-or-fragmentation.patch | 85 +++++
...-aty-do-not-leak-uninitialized-padding-in.patch | 30 ++
...k-don-t-leak-stack-data-via-response-ring.patch | 130 ++++++++
.../bugfix/all/xen-fix-bio-vec-merging.patch | 59 ++++
.../xfrm-policy-check-policy-direction-value.patch | 40 +++
...REALTIME_INODE-should-be-false-if-no-rt-d.patch | 67 ++++
...x-Make-sure-backup_handle-is-always-valid.patch | 60 ++++
...limit-the-number-of-mip-levels-in-vmw_gb_.patch | 38 +++
...don-t-allow-l2-to-access-the-hardware-cr8.patch | 34 ++
...vmx-do-not-bug-on-out-of-bounds-guest-irq.patch | 52 +++
.../kvm-x86-fix-singlestepping-over-syscall.patch | 125 ++++++++
debian/patches/series | 33 ++
35 files changed, 2887 insertions(+)
create mode 100644 debian/patches/bugfix/all/alsa-timer-fix-missing-queue-indices-reset-at.patch
create mode 100644 debian/patches/bugfix/all/alsa-timer-fix-race-between-read-and-ioctl.patch
create mode 100644 debian/patches/bugfix/all/binfmt_elf-use-elf_et_dyn_base-only-for-pie.patch
create mode 100644 debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
create mode 100644 debian/patches/bugfix/all/brcmfmac-fix-possible-buffer-overflow-in-brcmf_cfg80.patch
create mode 100644 debian/patches/bugfix/all/dentry-name-snapshots.patch
create mode 100644 debian/patches/bugfix/all/driver-core-platform-fix-race-condition-with-driver_.patch
create mode 100644 debian/patches/bugfix/all/drm-virtio-don-t-leak-bo-on-drm_gem_object_init-fail.patch
create mode 100644 debian/patches/bugfix/all/fs-exec.c-account-for-argv-envp-pointers.patch
create mode 100644 debian/patches/bugfix/all/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch
create mode 100644 debian/patches/bugfix/all/ipv6-should-use-consistent-conditional-judgement-for.patch
create mode 100644 debian/patches/bugfix/all/mm-revert-x86_64-and-arm64-elf_et_dyn_base-base-chan.patch
create mode 100644 debian/patches/bugfix/all/mqueue-fix-a-use-after-free-in-sys_mq_notify.patch
create mode 100644 debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
create mode 100644 debian/patches/bugfix/all/packet-don-t-write-vnet-header-beyond-end-of-buffer.patch
create mode 100644 debian/patches/bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch
create mode 100644 debian/patches/bugfix/all/rxrpc-Fix-several-cases-where-a-padded-len-isn-t-che.patch
create mode 100644 debian/patches/bugfix/all/sanitize-move_pages-permission-checks.patch
create mode 100644 debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
create mode 100644 debian/patches/bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch
create mode 100644 debian/patches/bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch
create mode 100644 debian/patches/bugfix/all/tcp-initialize-rcv_mss-to-tcp_min_mss-instead-of-0.patch
create mode 100644 debian/patches/bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch
create mode 100644 debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
create mode 100644 debian/patches/bugfix/all/xen-blkback-don-t-leak-stack-data-via-response-ring.patch
create mode 100644 debian/patches/bugfix/all/xen-fix-bio-vec-merging.patch
create mode 100644 debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch
create mode 100644 debian/patches/bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch
create mode 100644 debian/patches/bugfix/x86/drm-vmwgfx-Make-sure-backup_handle-is-always-valid.patch
create mode 100644 debian/patches/bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch
create mode 100644 debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
create mode 100644 debian/patches/bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch
create mode 100644 debian/patches/bugfix/x86/kvm-x86-fix-singlestepping-over-syscall.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list