[Secure-testing-commits] r49681 - data/CVE

Ben Hutchings benh at moszumanska.debian.org
Tue Mar 14 17:52:26 UTC 2017 

Author: benh
Date: 2017-03-14 17:52:26 +0000 (Tue, 14 Mar 2017)
New Revision: 49681

Modified:
   data/CVE/list
Log:
Triage some linux issues for wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-14 16:33:33 UTC (rev 49680)
+++ data/CVE/list	2017-03-14 17:52:26 UTC (rev 49681)
@@ -25279,6 +25279,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1)
 CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
 	- linux 4.1.3-1
+	[wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7)
 	[jessie] - linux 3.16.39-1
 	NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
 CVE-2016-10057
@@ -26516,6 +26517,7 @@
 	NOT-FOR-US: Synaptics driver for Android
 CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used ...)
 	- linux 4.0.4-1
+	[wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7)
 	[jessie] - linux 3.16.7-ckt17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/6829e274a623187c24f7cfc0e3d35f25d087fcc5 (4.1-rc2)
 CVE-2016-10051 [Double free]
@@ -28707,6 +28709,7 @@
 	NOTE: libv8 is not covered by security support
 CVE-2016-6213 (fs/namespace.c in the Linux kernel before 4.9 does not restrict how ...)
 	- linux 4.8.11-1
+	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
 	NOTE: https://lkml.org/lkml/2016/8/28/269
 	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498
 CVE-2016-6186 (Cross-site scripting (XSS) vulnerability in the ...)
@@ -51245,6 +51248,7 @@
 	NOTE: http://xenbits.xen.org/xsa/advisory-145.html
 CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel ...)
 	- linux <unfixed>
+	[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
 	[jessie] - linux <no-dsa> (Minor issue, requires invasive changes)
 	- linux-2.6 <removed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533

More information about the Secure-testing-commits mailing list