[Secure-testing-commits] r40147 - in data: . CVE DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Mar 3 19:28:26 UTC 2016
Author: carnil
Date: 2016-03-03 19:28:26 +0000 (Thu, 03 Mar 2016)
New Revision: 40147
Modified:
data/CVE/list
data/DSA/list
data/dsa-needed.txt
Log:
Reserve DSA number for linux
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-03 16:16:46 UTC (rev 40146)
+++ data/CVE/list 2016-03-03 19:28:26 UTC (rev 40147)
@@ -814,6 +814,7 @@
RESERVED
CVE-2016-2550 [unix: correctly track in-flight fds in sending process user_struct]
RESERVED
+ {DSA-3503-1}
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/415e3d3e90ce9e18727e8843ae343eda5a58fad6 (v4.5-rc4)
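Review bot: CVE-2016-2550 is tagged {DSA-3503-1} while its unstable line still reads "- linux <unfixed>", and the entry has no [wheezy] or [jessie] line of its own. If the stable releases are fixed by this DSA ahead of unstable, a short NOTE saying so would keep readers from taking "<unfixed>" as the status everywhere.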
@@ -822,36 +823,43 @@
NOTE: addressing CVE-2013-4312 was not applied.
CVE-2016-2549 [ALSA: hrtimer: Fix stall by hrtimer_cancel()]
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
CVE-2016-2548
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2547
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2546 [ALSA: timer: Fix race among timer ioctls]
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
CVE-2016-2545 [ALSA: timer: Fix double unlink of active_list]
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
CVE-2016-2544 [ALSA: seq: Fix race at timer setup and close]
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
CVE-2016-2543 [ALSA: seq: Fix missing NULL check at remove_events ioctl]
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1)
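Review bot: CVE-2016-2548 and CVE-2016-2547 are the only two entries in this hunk without a bracketed description, and both NOTE lines point at the same upstream commit (id=b5a663aa426f4884c71cd8580adae73f33570f0d). Now that they are attached to DSA-3503-1, please add a description to each and confirm that one commit really fixes both, or correct the second link.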
@@ -1313,11 +1321,14 @@
NOTE: https://nodesecurity.io/advisories/66
NOTE: nodejs not covered by security support
CVE-2015-8830 [aio write triggers integer overflow in some network protocols]
+ RESERVED
- linux 4.1.3-1
+ [jessie] - linux 3.16.7-ckt20-1+deb8u4
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4c185ce06dca14f5cea192f5a2c981ef50663f2b (v4.1-rc1)
CVE-2015-8816 [USB hub invalid memory access in hub_activate()]
RESERVED
+ {DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6)
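Review bot: the two lines added to CVE-2015-8830 ("RESERVED" and "[jessie] - linux 3.16.7-ckt20-1+deb8u4") are a status change and a fixed-version record, not a DSA reservation, and the log message does not mention them. Say so in the log or commit them separately, so the jessie fix for this entry can be found from the history.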
@@ -1471,7 +1482,7 @@
NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB descriptor]
RESERVED
- {DLA-439-1}
+ {DSA-3503-1 DLA-439-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
@@ -1792,7 +1803,7 @@
NOT-FOR-US: Umbraco
CVE-2015-8812 [Flaw in CXGB3 driver]
RESERVED
- {DLA-439-1}
+ {DSA-3503-1 DLA-439-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1
@@ -2601,7 +2612,7 @@
RESERVED
CVE-2016-2069 [x86 Linux TLB flush bug]
RESERVED
- {DLA-412-1}
+ {DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
@@ -3988,6 +3999,7 @@
CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not ...)
{DSA-3448-1 DLA-412-1}
- linux 4.3.1-1
+ [wheezy] - linux 3.2.73-2+deb7u3
- linux-2.6 <removed>
NOTE: https://git.kernel.org/linus/635682a14427d241bab7bbdeebb48a7d7b91638e (v4.3-rc4)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/4
@@ -6518,6 +6530,7 @@
RESERVED
{DLA-439-1}
- linux 3.16.2-2
+ [wheezy] - linux 3.2.73-2+deb7u3
- linux-2.6 <removed>
NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html
NOTE: The upstream fix for 3.16 was correct, but wheezy had a incomplete backport
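Review bot: the new "[wheezy] - linux 3.2.73-2+deb7u3" line marks wheezy as fixed, but the NOTE two lines below it still says only that wheezy had an incomplete backport. If 3.2.73-2+deb7u3 is the upload that completes the backport, state that in the NOTE so the fixed version and the note cannot be read as contradicting each other.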
@@ -6718,6 +6731,7 @@
CVE-2016-0723 (Race condition in the tty_ioctl function in drivers/tty/tty_io.c in ...)
{DSA-3448-1 DLA-412-1}
- linux 4.3.3-6
+ [wheezy] - linux 3.2.73-2+deb7u3
- linux-2.6 <removed>
NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html
NOTE: https://git.kernel.org/linus/5c17c861a357e9458001f021a7afa7aab9937439 (v4.5-rc2)
@@ -6997,7 +7011,7 @@
- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux ...)
- {DLA-412-1}
+ {DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
@@ -11591,6 +11605,7 @@
CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the Linux ...)
{DSA-3448-1 DLA-412-1}
- linux 4.3.3-6
+ [wheezy] - linux 3.2.73-2+deb7u3
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283371 (not (yet) public)
NOTE: Proposed upstream patch: http://marc.info/?l=linux-usb&m=145260786729359&w=2
@@ -42777,6 +42792,7 @@
NOTE: environment.
CVE-2014-6276
RESERVED
+ {DSA-3502-1}
- roundup <unfixed>
NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
CVE-2014-6275
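Review bot: the {DSA-3502-1} tag on CVE-2014-6276 is a roundup change, which the log message ("Reserve DSA number for linux") does not cover. The entry also keeps "- roundup <unfixed>" for unstable; mention the roundup cross-reference in the log, or commit it together with the DSA-3502-1 entry it belongs to.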
@@ -67051,7 +67067,7 @@
- moodle 2.5.2-1
[squeeze] - moodle <not-affected>
CVE-2013-4312 (The Linux kernel before 4.4.1 allows local users to bypass ...)
- {DSA-3448-1}
+ {DSA-3503-1 DSA-3448-1}
- linux 4.3.5-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-03-03 16:16:46 UTC (rev 40146)
+++ data/DSA/list 2016-03-03 19:28:26 UTC (rev 40147)
@@ -1,3 +1,7 @@
+[03 Mar 2016] DSA-3503-1 linux - security update
+ {CVE-2013-4312 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2550}
+ [wheezy] - linux 3.2.73-2+deb7u3
+ [jessie] - linux 3.16.7-ckt20-1+deb8u4
[03 Mar 2016] DSA-3502-1 roundup - security update
{CVE-2014-6276}
[wheezy] - roundup 1.4.20-1.1+deb7u1
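Review bot: the CVE list for DSA-3503-1 matches the fourteen entries tagged {DSA-3503-1} in data/CVE/list, but other CVEs in the same commit are recorded as fixed at exactly these versions without appearing here: CVE-2015-8830 at the jessie version, and CVE-2015-8767, CVE-2016-0723 and CVE-2015-7566 at the wheezy version. If they are left out on purpose, a NOTE on those entries would make that clear; otherwise add them to this list.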
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-03-03 16:16:46 UTC (rev 40146)
+++ data/dsa-needed.txt 2016-03-03 19:28:26 UTC (rev 40147)
@@ -52,7 +52,7 @@
--
libsndfile (Guido Günther)
--
-linux (carnil)
+linux
Wait until more severe issues have accumulated
--
mediawiki/oldstable
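Review bot: dropping "(carnil)" from the linux entry leaves it unclaimed, while the line below it still says "Wait until more severe issues have accumulated". With DSA-3503-1 reserved in this same commit, check that this text still describes the state of the package, and reword it if the entry is being kept only for the next round of issues.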