[Secure-testing-commits] r48457 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jan 27 20:44:46 UTC 2017


Author: carnil
Date: 2017-01-27 20:44:46 +0000 (Fri, 27 Jan 2017)
New Revision: 48457

Modified:
   data/CVE/list
Log:
Record fixed version for linux in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-27 20:23:26 UTC (rev 48456)
+++ data/CVE/list	2017-01-27 20:44:46 UTC (rev 48457)
@@ -123,14 +123,14 @@
 	TODO: check affected versions
 CVE-2017-5577 [drm/vc4: Return -EINVAL on the overflow checks failing]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lkml.org/lkml/2017/1/17/759
 	NOTE: Introduced by: https://github.com/torvalds/linux/commit/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
 CVE-2017-5576 [drm/vc4: Fix an integer overflow in temporary allocation layout]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lkml.org/lkml/2017/1/17/761
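Review bot: CVE-2017-5577 now records a fixed version, but the entry has no "Fixed by:" NOTE; its only references are the lkml post and the "Introduced by:" commit. Suggest adding the upstream fix commit as a "Fixed by:" NOTE, as the other linux entries in this change have, so that 4.9.6-1 can be checked against it. The visible lines of CVE-2017-5576 likewise show only an lkml link.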
@@ -286,7 +286,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1)
 CVE-2016-10153 [libceph: introduce ceph_crypt() for in-place en/decryption]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
 	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
 	NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
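Review bot: For CVE-2016-10153 the "Fixed by:" commit is tagged v4.10-rc1 while the version recorded is 4.9.6-1, so the fix must have reached unstable as a backport, and the entry does not say how. Suggest a NOTE naming the stable release or Debian patch that carries it, so the recorded version can be verified.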
@@ -329,31 +329,31 @@
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689
 CVE-2017-5551 [sgid bit not cleared on tmpfs]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4)
 CVE-2017-5550 [fix a fencepost error in pipe_advance()]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
 CVE-2017-5549 [USB: serial: kl5kusb105: fix line-state error handling]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
 CVE-2017-5548 [ieee802154: atusb: do not use the stack for buffers to make them DMA able]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
 	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
 	NOTE: Fixed by: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
 CVE-2017-5547 [HID: corsair: fix DMA buffers on stack]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
 CVE-2017-5546 [mm/slab.c: fix SLAB freelist randomization duplicate entries]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[jessie] - linux <not-affected> (freelist randomisation introduced in 4.7)
 	[wheezy] - linux <not-affected> (freelist randomisation introduced in 4.7)
 	NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4)
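Review bot: The "Fixed by:" NOTEs for CVE-2017-5548 and CVE-2017-5547 carry no upstream version tag, while the neighbouring entries do, and those tags are spelled both "(4.10-rc4)" and "(v4.10-rc4)". Since these entries are being touched anyway, suggest adding the missing tags and settling on one spelling.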
@@ -8107,13 +8107,13 @@
 CVE-2017-2585
 	RESERVED
 CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...)
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
 	NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html
 	NOTE: Fixed by: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d
 CVE-2017-2583
 	RESERVED
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
 CVE-2017-2582
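Review bot: CVE-2017-2584 and CVE-2017-2583 each have a [wheezy] <not-affected> line but no [jessie] line, so once "- linux 4.9.6-1" is recorded jessie is left tracked as affected by version comparison alone. If that is the intended status, fine; if jessie has been triaged separately, suggest recording it with an explicit [jessie] line in the same change.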
@@ -14807,7 +14807,7 @@
 	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
 CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 ...)
-	- linux <unfixed>
+	- linux 4.9.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
 	NOTE: Introduced by: https://git.kernel.org/linus/f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa (v3.11-rc1)
@@ -17241,7 +17241,7 @@
 CVE-2016-8406 (An information disclosure vulnerability in kernel components including ...)
 	- linux <undetermined>
 CVE-2016-8405 (An information disclosure vulnerability in kernel components including ...)
-	- linux <unfixed>
+	- linux 4.9.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/2dc705a9930b4806250fbf5a76e55266e59389f2
 CVE-2016-8404 (An information disclosure vulnerability in kernel components including ...)
 	- linux <undetermined>
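Review bot: The "Fixed by:" NOTE for CVE-2016-8405 has no upstream version tag, and the entry has neither an "Introduced by:" reference nor release-specific lines, so nothing here says whether the stable releases are affected. Suggest adding the tag and, once triaged, the [jessie]/[wheezy] status.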



