[Secure-testing-commits] r44369 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 6 13:50:50 UTC 2016
Author: carnil
Date: 2016-09-06 13:50:50 +0000 (Tue, 06 Sep 2016)
New Revision: 44369
Modified:
data/CVE/list
Log:
Expand comments for CVE-2016-2188/linux explaining why it's not yet fixed with the 4.5.1-1 included commit
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-06 12:51:11 UTC (rev 44368)
+++ data/CVE/list 2016-09-06 13:50:50 UTC (rev 44369)
@@ -15825,7 +15825,7 @@
CVE-2016-2189
REJECTED
CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the ...)
- - linux 4.5.1-1
+ - linux <unfixed>
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317018
@@ -15833,6 +15833,9 @@
NOTE: http://seclists.org/bugtraq/2016/Mar/87
NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0
+ NOTE: From kernel-sec triaging: the above commits only handles the case where there
+ NOTE: are zero endpoints, but not the case where there are some endpoints but none of the expected type.
+ NOTE: So this is not really fixed anywhere yet.
CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.2-1
More information about the Secure-testing-commits
mailing list