[Secure-testing-commits] r39532 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Feb 7 19:40:29 UTC 2016
Author: carnil
Date: 2016-02-07 19:40:29 +0000 (Sun, 07 Feb 2016)
New Revision: 39532
Modified:
data/CVE/list
Log:
Mark CVEs as fixed for linux/4.3.5-1 upload to unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-07 10:33:36 UTC (rev 39531)
+++ data/CVE/list 2016-02-07 19:40:29 UTC (rev 39532)
@@ -530,7 +530,7 @@
RESERVED
CVE-2015-8787 [Missing NULL pointer check in nf_nat_redirect_ipv4]
RESERVED
- - linux <unfixed>
+ - linux 4.3.5-1
[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
- linux-2.6 <not-affected> (Vulnerable code introduced in v3.19-rc1)
@@ -557,7 +557,7 @@
TODO: confirm if squeeze is affected as well
CVE-2016-2070 [division by zero in TCP code]
RESERVED
- - linux <unfixed>
+ - linux 4.3.5-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
- linux-2.6 <not-affected> (Vulnerable code introduced later)
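Review bot: The not-affected lines under CVE-2016-2070 give only "Vulnerable code introduced later" as the reason, and nothing visible in this hunk names the introducing or fixing commit. Now that the entry carries a fixed version, state the introducing version the way the CVE-2015-8787 entry does ("Vulnerable code introduced in v3.19-rc1") so the jessie and wheezy triage can be checked against it.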
@@ -655,7 +655,7 @@
CVE-2016-2069 [x86 Linux TLB flush bug]
RESERVED
{DLA-412-1}
- - linux <unfixed>
+ - linux 4.3.5-1
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
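Review bot: For CVE-2016-2069 the only fix reference shown is tagged (v4.5-rc1), while the entry is now marked fixed in 4.3.5-1. Add a NOTE saying the fix is carried as a backport in that upload, ideally with the stable-branch commit, so the fixed version does not look inconsistent with the upstream tag.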
@@ -4841,7 +4841,7 @@
CVE-2015-8785 [fuse: possible denial of service in fuse_fill_write_pages()]
RESERVED
{DLA-412-1}
- - linux <unfixed>
+ - linux 4.3.5-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1)
@@ -64729,9 +64729,10 @@
CVE-2013-4312
RESERVED
{DSA-3448-1}
- - linux 4.3.3-6
+ - linux 4.3.5-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593
+ NOTE: First patch for mitigation in 4.3.3-6, 4.3.5-1 adds a second bit required
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
- libvirt <unfixed> (unimportant)
NOTE: polkit support not activated in Debian build, will be fixed in point update
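Review bot: The NOTE added to CVE-2013-4312 says 4.3.5-1 "adds a second bit required" but does not identify that second change; the entry still lists only the single git.kernel.org/linus/712f4aad... reference. Add a NOTE with the upstream commit for the second part so the move of the fixed version from 4.3.3-6 to 4.3.5-1 can be verified, and check whether the {DSA-3448-1} tag on this entry still describes a complete fix.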