[Secure-testing-commits] r56499 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2017-10-07 17:01:57 +0000 (Sat, 07 Oct 2017)
New Revision: 56499

Modified:
   data/CVE/list
Log:
one more linux issue fixed in stretch
one linux issue ignored for stretch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-07 15:08:45 UTC (rev 56498)
+++ data/CVE/list	2017-10-07 17:01:57 UTC (rev 56499)
@@ -12546,6 +12546,7 @@
 	NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
 CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel ...)
 	- linux 4.12.6-1
+	[stretch] - linux 4.9.51-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
 CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ...)
@@ -46069,7 +46070,7 @@
 	NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
 CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...)
-	- linux <unfixed>
+	- linux <unfixed> (low)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might ...)
@@ -72475,6 +72476,7 @@
 	NOTE: http://xenbits.xen.org/xsa/advisory-164.html
 CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from ...)
 	- linux <unfixed>
+	[stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
 	[jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
 	[wheezy] - linux <ignored> (Intrusive; breaks qemu as used in Wheezy; cf. kernel-sec for more details)
 	- linux-2.6 <removed>