cip-dev.lists.cip-project.org archive mirror
* [cip-dev] [Git][cip-project/cip-kernel/cip-kernel-sec][master] 3 commits: Import more data
@ 2019-02-11 22:05 Ben Hutchings
  0 siblings, 0 replies; 2+ messages in thread
From: Ben Hutchings @ 2019-02-11 22:05 UTC (permalink / raw)
  To: cip-dev

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec


Commits:
75376d99 by Ben Hutchings at 2019-02-11T20:47:33Z
Import more data

- - - - -
5c5b5306 by Ben Hutchings at 2019-02-11T22:04:23Z
Record introduced-by commits for several issues

- - - - -
6ed13434 by Ben Hutchings at 2019-02-11T22:04:41Z
Record fixes for CVE-2018-3620 and CVE-2018-16885

- - - - -


27 changed files:

- issues/CVE-2017-18249.yml
- issues/CVE-2017-5967.yml
- issues/CVE-2017-9725.yml
- issues/CVE-2018-10876.yml
- issues/CVE-2018-10877.yml
- issues/CVE-2018-10878.yml
- issues/CVE-2018-10879.yml
- issues/CVE-2018-10880.yml
- issues/CVE-2018-10882.yml
- issues/CVE-2018-10883.yml
- issues/CVE-2018-14616.yml
- issues/CVE-2018-14625.yml
- issues/CVE-2018-16882.yml
- issues/CVE-2018-16885.yml
- issues/CVE-2018-17972.yml
- issues/CVE-2018-18281.yml
- issues/CVE-2018-19407.yml
- issues/CVE-2018-19824.yml
- issues/CVE-2018-19854.yml
- issues/CVE-2018-20169.yml
- issues/CVE-2018-20669.yml
- issues/CVE-2018-3620.yml
- issues/CVE-2018-5391.yml
- + issues/CVE-2019-6974.yml
- + issues/CVE-2019-7221.yml
- + issues/CVE-2019-7222.yml
- issues/CVE-2019-7308.yml


Changes:

=====================================
issues/CVE-2017-18249.yml
=====================================
@@ -5,6 +5,8 @@ references:
 - https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
 comments:
   Debian-bwh: So far I've failed to backport this even to 4.9.
+introduced-by:
+  mainline: [e05df3b115e7308afbca652769b54e4549fcc723]
 fixed-by:
   linux-4.4.y: [a4f4f97573bfb057bbc30696d803cc37ed629d02]
   linux-4.9.y: [cb9b1d4ec206702a4df1cb42ba8142f39acfdd91]


=====================================
issues/CVE-2017-5967.yml
=====================================
@@ -14,6 +14,9 @@ comments:
     acceptable for stable branches, other than possibly 4.9.  We
     could instead prevent processes outside the initial pid
     namespace from opening the file.
+    Although MITRE's description only refers to /proc/timer_list,
+    /proc/timer_stats also exposes pids if CONFIG_TIMER_STATS is
+    enabled.
   Ubuntu-jdstrand: |-
     android kernels (flo, goldfish, grouper, maguro, mako and manta) are
      not supported on the Ubuntu Touch 14.10 and earlier preview kernels


=====================================
issues/CVE-2017-9725.yml
=====================================
@@ -2,5 +2,7 @@ description: 'mm: cma: fix incorrect type conversion for size during dma allocat
 references:
 - https://bugzilla.redhat.com/show_bug.cgi?id=1489088
 - https://source.android.com/security/bulletin/2017-09-01
+introduced-by:
+  mainline: [c64be2bb1c6eb43c838b2c6d57b074078be208dd]
 fixed-by:
   mainline: [67a2e213e7e937c41c52ab5bc46bf3f4de469f6e]


=====================================
issues/CVE-2018-10876.yml
=====================================
@@ -12,6 +12,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-1
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Ubuntu-sbeattie: |-
     fs/ext4/balloc.c


=====================================
issues/CVE-2018-10877.yml
=====================================
@@ -13,6 +13,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-1
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Ubuntu-sbeattie: |-
     possible reproducer in bug report


=====================================
issues/CVE-2018-10878.yml
=====================================
@@ -15,6 +15,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-1
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Ubuntu-sbeattie: reproducer in bug report
 reporters:


=====================================
issues/CVE-2018-10879.yml
=====================================
@@ -15,6 +15,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-1
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Ubuntu-sbeattie: |-
     possible reproducer in kernel bug report


=====================================
issues/CVE-2018-10880.yml
=====================================
@@ -12,6 +12,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-1
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Ubuntu-sbeattie: |-
     possible reproducer in bug report


=====================================
issues/CVE-2018-10882.yml
=====================================
@@ -11,6 +11,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-1
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Ubuntu-sbeattie: possible reproducer in bug report
 reporters:


=====================================
issues/CVE-2018-10883.yml
=====================================
@@ -13,6 +13,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-4
 - https://usn.ubuntu.com/usn/usn-3879-1
 - https://usn.ubuntu.com/usn/usn-3879-2
+- https://usn.ubuntu.com/usn/usn-3871-5
 comments:
   Debian-carnil: |-
     Upstream 4.9.x series did only contain the first part in


=====================================
issues/CVE-2018-14616.yml
=====================================
@@ -12,6 +12,8 @@ comments:
      not the default filesystem and it is not widely used in Ubuntu
 reporters:
 - Wen Xu
+introduced-by:
+  mainline: [57e5055b0a5e33267b8be366ee52ce5cdc239bc7]
 fixed-by:
   linux-4.14.y: [38fce19d4d7bc8acfa183ee2918758d279a69c9a]
   linux-4.4.y: [4901e126b6e1677c90d3c0a668193e52ecdd4971]


=====================================
issues/CVE-2018-14625.yml
=====================================
@@ -9,6 +9,8 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
 - https://usn.ubuntu.com/usn/usn-3878-1
+- https://usn.ubuntu.com/usn/usn-3871-5
+- https://usn.ubuntu.com/usn/usn-3878-2
 comments:
   bwh: |-
     I'm not certain when this was introduced but the earliest possible


=====================================
issues/CVE-2018-16882.yml
=====================================
@@ -16,6 +16,8 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-3
 - https://usn.ubuntu.com/usn/usn-3871-4
 - https://usn.ubuntu.com/usn/usn-3878-1
+- https://usn.ubuntu.com/usn/usn-3871-5
+- https://usn.ubuntu.com/usn/usn-3878-2
 comments:
   Debian-carnil: |-
     Commit fixes 5e2f30b756a37 "KVM: nVMX: get rid of nested_get_page()"


=====================================
issues/CVE-2018-16885.yml
=====================================
@@ -15,4 +15,5 @@ comments:
 reporters:
 - Paolo Abeni
 fixed-by:
-  mainline: [21226abb4e9f14d88238964d89b279e461ddc30c]
+  linux-3.16.y: [874c613a476d6a283ce418290c4472a07dadadf6]
+  mainline: [06ebb06d49486676272a3c030bfeef4bd969a8e6]
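
Review bot: the `mainline` entry under `fixed-by` is replaced (21226abb4e9f becomes 06ebb06d4948) rather than extended, and neither the hunk nor the commit subject ("Record fixes for CVE-2018-3620 and CVE-2018-16885") says why the earlier hash was wrong. Anyone who triaged against the old value has no way to tell whether it was a typo, a different patch, or a partial fix. Suggest adding a short `comments:` entry stating which commit is the actual fix and why the previous one was dropped.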


=====================================
issues/CVE-2018-17972.yml
=====================================
@@ -13,6 +13,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-4
 - https://usn.ubuntu.com/usn/usn-3880-1
 - https://usn.ubuntu.com/usn/usn-3880-2
+- https://usn.ubuntu.com/usn/usn-3871-5
 reporters:
 - Jann Horn
 introduced-by:


=====================================
issues/CVE-2018-18281.yml
=====================================
@@ -11,6 +11,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-3871-4
 - https://usn.ubuntu.com/usn/usn-3880-1
 - https://usn.ubuntu.com/usn/usn-3880-2
+- https://usn.ubuntu.com/usn/usn-3871-5
 reporters:
 - Jann Horn
 introduced-by:


=====================================
issues/CVE-2018-19407.yml
=====================================
@@ -10,6 +10,8 @@ references:
 - https://usn.ubuntu.com/usn/usn-3878-1
 - https://usn.ubuntu.com/usn/usn-3879-1
 - https://usn.ubuntu.com/usn/usn-3879-2
+- https://usn.ubuntu.com/usn/usn-3871-5
+- https://usn.ubuntu.com/usn/usn-3878-2
 comments:
   Debian-bwh: |-
     I'm fairly sure this is impossible before commit 5c919412fe61


=====================================
issues/CVE-2018-19824.yml
=====================================
@@ -14,6 +14,7 @@ reporters:
 introduced-by:
   mainline: [362e4e49abe53e89d87455dfcd7c1bbaf08a839d]
 fixed-by:
+  linux-3.16.y: [1c38b9d9e74a24a8ed9089429031f6d7721b6df0]
   linux-4.14.y: [19f74e45746253cafb8cb1e773041e7cadbac622]
   linux-4.19.y: [a7e719ace75e4451b7958cb73cbc12c627760007]
   linux-4.4.y: [82fa3e95432f95254fd07556c55b1018145e1439]


=====================================
issues/CVE-2018-19854.yml
=====================================
@@ -11,6 +11,7 @@ references:
 - http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087
 - https://usn.ubuntu.com/usn/usn-3872-1
 - https://usn.ubuntu.com/usn/usn-3878-1
+- https://usn.ubuntu.com/usn/usn-3878-2
 comments:
   Debian-carnil: |-
     Regreession from CVE-2013-2547 and commit fixes 4473710df1f8


=====================================
issues/CVE-2018-20169.yml
=====================================
@@ -17,6 +17,7 @@ reporters:
 introduced-by:
   mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
 fixed-by:
+  linux-3.16.y: [f8860a91d7538022c1c3f0bdddeec9a9d83e0c09]
   linux-4.14.y: [7b6e85da8d94948201abb8d576d485892a6a878f]
   linux-4.19.y: [1b2e742bf7230ce04cda5b7348f922174bef2d7a]
   linux-4.4.y: [c380600bf71c35dc23aa0c3628a1013ec10cb349]


=====================================
issues/CVE-2018-20669.yml
=====================================
@@ -2,11 +2,14 @@ description: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)
 references:
 - https://www.openwall.com/lists/oss-security/2019/01/23/6
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20669
+- https://www.openwall.com/lists/oss-security/2019/02/07/1
 comments:
   Ubuntu-tyhicks: |-
     Only the i915_gem_execbuffer2_ioctl() changes are technically needed
      for this CVE. It would be ideal to audit the callers of the other changed
      functions in the fix commit.
+    This CVE is being disputed. See the oss-security emails on
+     2019-02-07 for details.
 introduced-by:
   mainline: [2889caa9232109afc8881f29a2205abeb5709d0c]
 fixed-by:


=====================================
issues/CVE-2018-3620.yml
=====================================
@@ -37,6 +37,20 @@ comments:
 reporters:
 - Researchers from Intel
 fixed-by:
+  linux-3.16.y: [10855c7f42392ba42dcd0a934b3f99d0bd1eea31, 3e2303b14e5560ef760b7934a8c4c9ad1cdf246f,
+    5fe3e72fa4229fa457d6a6a31d104aff23edd8bd, a21dcddca6930a1edb043712e8562365ccf96dba,
+    251377474f8c66ec70e5b3883fee13db791e21a4, 299147ddcbd447d97e80088d05aff0fa62af34c2,
+    74a430116636754bf42e7ab08fdd9629bd00ffc1, cf957b8f323ad8237f5c685eea8415a3086b1d33,
+    f168a77cc3d6289f9ac07b381f0ab5c3b0d8b6db, 90ff407c74170af5be4ccf02baa1ee89fef36976,
+    d6d4b0323639065a2360b50392aa05ba3fdd5dff, c11f6523a7298a7e0b1a2b767e292a69639b997d,
+    c11f6523a7298a7e0b1a2b767e292a69639b997d, b3dc998f1ca71c91f0b0e077a360405f0550a511,
+    13948a9f275c7d945589737c6f29241b97930630, 9c8c0995084eb87c0f634a16d4a05406f3d3a16f,
+    308ad2888759478ed11dc989e8538c621046b811, e2ec50b1272c238735ebf48a25020676818aef79,
+    df54183ac4eccbbae95afedf7ed1643ac46ac88a, f168a77cc3d6289f9ac07b381f0ab5c3b0d8b6db,
+    7076c25fd00163ce2189a88a31877cc1376b0be5, 6097e7f43a8b9109626e3ffef3e280119febb2f9,
+    1fb3a36c0e333e2810c9aa4715c0e2080dad5a19, 9c8c0995084eb87c0f634a16d4a05406f3d3a16f,
+    308ad2888759478ed11dc989e8538c621046b811, e2ec50b1272c238735ebf48a25020676818aef79,
+    b579b8f2128ee2b9e9393b6a18297bb79080ef34, 2dd5705f361a1335f067e56f69a3994fcf9e98f4]
   linux-4.14.y: [aefe1861bc156102ac5d5be18cf781a76537c119, 39991a7aa8d527164a87f90bb18b07b2699ed7d0,
     83ef7e8c0cb72510588ee8b96f5cf30c1ecd9270, 8c35b2fcbe6a86be93aa7cb9c4842e3c70b77620,
     aff6fe17f52815e6ebdbf82b69f3edf669808eb6, 3d98de691c013ea4e60360db93b885fe9db15c37,
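
Review bot: the new `linux-3.16.y` list repeats several hashes: c11f6523a729 appears twice in a row, and f168a77cc3d6, 9c8c0995084e, 308ad2888759 and e2ec50b1272c each appear twice, so the 28 entries cover only 23 distinct commits. If the repeats are intentional (for example one backport standing in for several upstream commits), say so in a comment; otherwise deduplicate the list so that tooling which counts or compares fix commits per branch is not misled.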


=====================================
issues/CVE-2018-5391.yml
=====================================
@@ -54,6 +54,10 @@ fixed-by:
     37c7cc80b1d7de36a6ed54796ae30ee091d05eab, 6b921536f1707a240e6f53843f1f26231016fda5,
     04b28f406e86512a3592664553b5e17efe663ece, c91f27fb571666a176e1446646726f78d4657ddb,
     b3a0c61b73699b3764a6568e85c67f599158c541, 08fb833b40e361ce927c64d40e348af96996d9eb]
+  linux-4.4.y: [ef0f963de1d2c5bc99d3d6ace3dd44a7d6002717, 26cfea3c1d041d08edacae291565f295553e15ce,
+    3f78a3f45e79ca378cb850a598e4c76633710e92, 5f2d68b6b5a439c3223d8fa6ba20736f91fc58d8,
+    acd00a0692072b374afee4b6f38c1eb1c6cf6f4a, 2039bd8669f4ecefca163f0c9d8c5f5f6a4c8610,
+    2822475e70db5a4b46de88a5b66eb2aceb3734af, cb5fd4aa24b57206548d5940dc359f0b181a2688]
   linux-4.9.y: [7fca77153c5c2a2c59e70720332bce7088aef8e8, 2ffb1c363dfa89858dded0b291f005faf1b72adc,
     bbf6d8604475f36279c7b2d9a1f425654bc24588, dae73e7d73fce8d8d5132ec3c94de16280653fc6,
     1b363f81f38f28bd69ec90837da0f65161f36325, 620018dd713da51daac7ec4cd0ae54b0f0fa0f75,


=====================================
issues/CVE-2019-6974.yml
=====================================
@@ -0,0 +1,10 @@
+description: |-
+  kvm: fix kvm_ioctl_create_device() reference counting
+   https://bugzilla.redhat.com/show_bug.cgi?id=1671913
+   https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
+comments:
+  Debian-carnil: 'Commit fixes 852b6d57dc7f ("kvm: add device control API") (3.10-rc1)'
+introduced-by:
+  mainline: [852b6d57dc7fa378019786fa84727036e56839ea]
+fixed-by:
+  mainline: [cfa39381173d5f969daf43582c95ad679189cbc9]
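
Review bot: the two URLs on lines 3 and 4 of the new file sit inside the `description: |-` block scalar, so they become part of the description text and the file has no `references:` key. The other files added in this push, CVE-2019-7221.yml and CVE-2019-7222.yml, use a one-line `description:` followed by a `references:` list. Suggest the same layout here so the bugzilla and kvm.git links are picked up as references.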


=====================================
issues/CVE-2019-7221.yml
=====================================
@@ -0,0 +1,8 @@
+description: 'KVM: nVMX: unconditionally cancel preemption timer in free_nested'
+references:
+- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
+- https://bugzilla.redhat.com/show_bug.cgi?id=1671904
+introduced-by:
+  mainline: [f4124500c2c13eb1208c6143b3f6d469709dea10]
+fixed-by:
+  mainline: [ecec76885bcfe3294685dc363fd1273df0d5d65f]


=====================================
issues/CVE-2019-7222.yml
=====================================
@@ -0,0 +1,8 @@
+description: 'KVM: x86: work around leak of uninitialized stack contents'
+references:
+- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
+- https://bugzilla.redhat.com/show_bug.cgi?id=1671930
+introduced-by:
+  mainline: [27d6c865211662721e6cf305706e4a3da35f12b4]
+fixed-by:
+  mainline: [353c0956a618a07ba4bbe7ad00ff29fe70e8412a]


=====================================
issues/CVE-2019-7308.yml
=====================================
@@ -18,6 +18,8 @@ comments:
      the kernel lockdown feature which blocks BPF program loading.
 reporters:
 - Jann Horn
+introduced-by:
+  mainline: [1be7f75d1668d6296b80bf35dcf6762393530afc]
 fixed-by:
   linux-4.19.y: [f92a819b4cbef8c9527d9797110544b2055a4b96]
   linux-4.20.y: [078da99d449f64ca04d459cdbdcce513b64173cd]



View it on GitLab: https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/compare/2673ace439e64574f09d38e7fcd8e87b2b673ce5...6ed13434893858c8af2b7799a8ff451d68b4e9f4


* [cip-dev] [Git][cip-project/cip-kernel/cip-kernel-sec][master] 3 commits: Import more data
@ 2019-08-14 18:23 Ben Hutchings
  0 siblings, 0 replies; 2+ messages in thread
From: Ben Hutchings @ 2019-08-14 18:23 UTC (permalink / raw)
  To: cip-dev



Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec


Commits:
d2f70487 by Ben Hutchings at 2019-08-06T15:53:33Z
Import more data

Signed-off-by: Ben Hutchings <ben.hutchings at codethink.co.uk>

- - - - -
8747b6a7 by Ben Hutchings at 2019-08-06T16:12:50Z
Fill in status for linux-4.4.y-cip-rt for two issues

I missed these two when adding the -rt branches.

Fixes: 71a5163608b3 ("Add linux-4.{4,19}.y-cip-rt branches to ...")
Signed-off-by: Ben Hutchings <ben.hutchings at codethink.co.uk>

- - - - -
58c58863 by Ben Hutchings at 2019-08-14T18:23:09Z
Merge branch 'bwh/update-issues' into 'master'

Update issues

See merge request cip-project/cip-kernel/cip-kernel-sec!4
- - - - -


17 changed files:

- issues/CVE-2017-18379.yml
- + issues/CVE-2017-ipv6-mroute-type-check.yml
- issues/CVE-2018-13093.yml
- issues/CVE-2018-20854.yml
- issues/CVE-2018-20855.yml
- issues/CVE-2018-20856.yml
- issues/CVE-2019-10207.yml
- issues/CVE-2019-11091.yml
- issues/CVE-2019-11487.yml
- issues/CVE-2019-11599.yml
- issues/CVE-2019-11833.yml
- issues/CVE-2019-11884.yml
- issues/CVE-2019-13631.yml
- issues/CVE-2019-13648.yml
- issues/CVE-2019-14283.yml
- issues/CVE-2019-14284.yml
- issues/CVE-2019-3900.yml


Changes:

=====================================
issues/CVE-2017-18379.yml
=====================================
@@ -1,4 +1,11 @@
 description: 'nvmet-fc: ensure target queue id within range'
+references:
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18379
+- https://git.kernel.org/linus/0c319d3a144d4b8f1ea2047fd614d2149b68f889
+comments:
+  Debian-bwh: |-
+    Introduced in Linux 4.10 by commit c53432030d86 "nvme-fabrics: Add
+    target support for FC transport".
 introduced-by:
   mainline: [c53432030d86429dc9fe5adc3d68cb9d1343b0b2]
 fixed-by:


=====================================
issues/CVE-2017-ipv6-mroute-type-check.yml
=====================================
@@ -0,0 +1,7 @@
+description: IPv6 mroute missing type check
+references:
+- https://lists.openwall.net/netdev/2017/12/04/40
+fixed-by:
+  linux-4.4.y: [ee2f25641633ffb03fb88e4fa8a6424d24d3f295]
+  linux-4.9.y: [1e531ad4316cb47c6c2b42f3257d1841a6e837e7]
+  mainline: [99253eb750fda6a644d5188fb26c43bad8d5a745]


=====================================
issues/CVE-2018-13093.yml
=====================================
@@ -5,6 +5,8 @@ references:
 - https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13093
 - https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff
+reporters:
+- Wen Xu
 introduced-by:
   mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
 fixed-by:


=====================================
issues/CVE-2018-20854.yml
=====================================
@@ -6,6 +6,11 @@ references:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20854
 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
 - https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
+comments:
+  Debian-carnil: |-
+    Driver intorduced in same upstream version as per 51f6b410fc22
+    ("phy: add driver for Microsemi Ocelot SerDes muxing") so it is
+    disputable why this has a CVE.
 introduced-by:
   mainline: [51f6b410fc220d8a5a4fae00ebfd8243b6c11d4e]
 fixed-by:


=====================================
issues/CVE-2018-20855.yml
=====================================
@@ -4,6 +4,12 @@ references:
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7
 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00
 - https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00
+comments:
+  Debian-bwh: |-
+    Introduced in Linux 4.17 by commit 41d902cb7c32 "RDMA/mlx5: Fix
+    definition of mlx5_ib_create_qp_resp".
+introduced-by:
+  mainline: [41d902cb7c326d711674977763c4b30df87611bc]
 fixed-by:
   mainline: [0625b4ba1a5d4703c7fb01c497bd6c156908af00]
 ignore:


=====================================
issues/CVE-2018-20856.yml
=====================================
@@ -4,6 +4,10 @@ references:
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7
 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54648cf1ec2d7f4b6a71767799c45676a138ca24
 - https://github.com/torvalds/linux/commit/54648cf1ec2d7f4b6a71767799c45676a138ca24
+comments:
+  Debian-bwh: |-
+    Introduced in Linux 3.18 by commit 7c94e1c157a2 "block: introduce
+    blk_flush_queue to drive flush machinery".
 introduced-by:
   mainline: [7c94e1c157a227837b04f02f5edeff8301410ba2]
 fixed-by:


=====================================
issues/CVE-2019-10207.yml
=====================================
@@ -2,3 +2,19 @@ description: 'bluetooth: hci_uart: 0x0 address  execution as nonprivileged user'
 references:
 - https://www.openwall.com/lists/oss-security/2019/07/25/1
 - https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov at redhat.com/T/#u
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207
+- https://lore.kernel.org/linux-bluetooth/20190729122215.9948-1-vdronov at redhat.com/
+comments:
+  Debian-bwh: |-
+    For hci_ath, this was introduced in Linux 2.6.36 by commit
+    b3190df62861 "Bluetooth: Support for Atheros AR300x serial chip".
+    For hci_uart, this was introduced in Linux 4.2 by commit
+    2a973dfada2b "Bluetooth: hci_uart: Add new line discipline
+    enhancements".
+fixed-by:
+  linux-4.14.y: [69f9c2bc3f754ad1d610b30b940681d678c8e684]
+  linux-4.19.y: [56966212e23f82ced10831f7cca02f7339147428]
+  linux-4.4.y: [37fb924139954a28a1f04959070c3cc762b0de4c]
+  linux-4.9.y: [58a01b0bd8ea5fddb51d4d854bb149a1a7312c12]
+  linux-5.2.y: [785b5dc6c06083a874d7bda593de06a01ac7fe6a]
+  mainline: [b36a1552d7319bbfd5cf7f08726c23c5c66d4f73]
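
Review bot: the added Debian-bwh comment names two introducing commits (b3190df62861 for hci_ath and 2a973dfada2b for hci_uart), but the hunk adds no `introduced-by:` field, so that information exists only as free text. Other entries in this push, such as CVE-2018-20855.yml, record both the comment and a structured `introduced-by:` list. Suggest adding `introduced-by:` with the full hashes of both commits, since `fixed-by` alone does not tell a reader which of the older branches ever contained the affected code.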


=====================================
issues/CVE-2019-11091.yml
=====================================
@@ -133,6 +133,18 @@ fixed-by:
     f223c10cf17689353a41e052bfc16c9ac4758132, adef560d1ef8ab84aceee8b6ebae6f515c2b7a66,
     179adc415f947eb64eb12a15c90d0d8da09418b9, 8be7f1183d2f113d82c0c68a5e23a44d7fb8a8b6,
     683f9fba8c27817b6c2f7320a4095ca353022651]
+  linux-4.4.y-cip-rt: [a50e2ca5757f54fc5b0eabbb77a509209cbcc40d, 31a2c5f7a25b1cf4739ccd0244b0b270c42dab89,
+    71041afe26a30d8a5bfb75ff5699c9cfdee5250a, 693eb3bdaf19dd58aea99a5ed088dd6319ecc098,
+    0f961ec593057bad865d3a9f6834c0ca1582d486, 3092ad5c4f2ed6925847273a65c5598a73ee88d8,
+    2b26dff34698b8f4b57c5492c17a3fcf71e32de6, 0144cbc1247411f6fa07447ce9a4ae204903031a,
+    e2896d6b1e485605b5c436f11abc2016a60c083a, 06deb655ae265b397cd013db5cb77aa442a68617,
+    48204fd98023ff7d05166c7ddb9d8afd2c5006e9, e0e64cdc7fd9eb3dbcf670e8c3dd9dfd0501d104,
+    9fe26a407f0eca058829dec41a4de71c70bfc3ec, 3fb41b4e2d389f2b187e2e12a7c8611d6c4b0e30,
+    8c7398befdf1ecb163b5d0f6f5ba27b45c63211e, d4c1e6cbbcdca0f4688a58092ecbb81a58fe4421,
+    a41a2dee403d99e6c13d35b935a310b0609b8e6a, 7a6c2a6c4235e68472d1924b2d3f6f808ee5d39a,
+    f223c10cf17689353a41e052bfc16c9ac4758132, adef560d1ef8ab84aceee8b6ebae6f515c2b7a66,
+    179adc415f947eb64eb12a15c90d0d8da09418b9, 8be7f1183d2f113d82c0c68a5e23a44d7fb8a8b6,
+    683f9fba8c27817b6c2f7320a4095ca353022651]
   linux-4.9.y: [ffe8cffc8be1ae47c08cbc3571bed6b5b0fa53ad, 192d1975450e51c1abb725343a7e19a4d61e30bd,
     626743f43da44598076019a82193caf49dca1fde, 2a099011de8abebac475a90dad1835c60dfca88c,
     da360f1f5eb43e0d71009bab3be53c7a06d40caf, 96c06cda5b4bdc6a3a9a8f8adc46c86077a70ee0,


=====================================
issues/CVE-2019-11487.yml
=====================================
@@ -14,6 +14,7 @@ references:
 - https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64
 - https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3
 - https://usn.ubuntu.com/usn/usn-4069-1
+- https://usn.ubuntu.com/usn/usn-4069-2
 comments:
   Debian-bwh: |-
     I'm having trouble backporting to this to 3.16 because we don't
@@ -45,3 +46,4 @@ ignore:
   linux-3.16.y: Minor issue, difficult to backport fix
   linux-4.4.y: Minor issue, difficult to backport fix
   linux-4.4.y-cip: Minor issue, difficult to backport fix
+  linux-4.4.y-cip-rt: Minor issue, difficult to backport fix


=====================================
issues/CVE-2019-11599.yml
=====================================
@@ -8,6 +8,7 @@ references:
 - http://www.openwall.com/lists/oss-security/2019/04/29/2
 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
 - https://usn.ubuntu.com/usn/usn-4069-1
+- https://usn.ubuntu.com/usn/usn-4069-2
 comments:
   Debian-bwh: |-
     The backports to 4.4 and 4.9 are still under discussion.


=====================================
issues/CVE-2019-11833.yml
=====================================
@@ -7,6 +7,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-4068-2
 - https://usn.ubuntu.com/usn/usn-4069-1
 - https://usn.ubuntu.com/usn/usn-4076-1
+- https://usn.ubuntu.com/usn/usn-4069-2
 introduced-by:
   mainline: [a86c61812637c7dd0c57e29880cffd477b62f2e7]
 fixed-by:


=====================================
issues/CVE-2019-11884.yml
=====================================
@@ -8,6 +8,7 @@ references:
 - https://usn.ubuntu.com/usn/usn-4068-2
 - https://usn.ubuntu.com/usn/usn-4069-1
 - https://usn.ubuntu.com/usn/usn-4076-1
+- https://usn.ubuntu.com/usn/usn-4069-2
 comments:
   Debian-carnil: similar issue to CVE-2011-1079.
 fixed-by:


=====================================
issues/CVE-2019-13631.yml
=====================================
@@ -5,7 +5,10 @@ references:
 introduced-by:
   mainline: [a19ceb56cbd1e1beff3e9cf6042e1f31f6487aa6]
 fixed-by:
+  linux-4.14.y: [81bf168d855cc1d97a7c9cde6787ff42485556c8]
   linux-4.19.y: [d657077eda7b5572d86f2f618391bb016b5d9a64]
+  linux-4.4.y: [3ca20e950203a6c7759186ec4e89cbd33ee2bf81]
+  linux-4.9.y: [2628fa1a6d824ee1f3fe67a272a3d00ba33d23fa]
   linux-5.2.y: [63fabf4287b23da069986b7a7fdc6ad0b202f00a]
   mainline: [2a017fd82c5402b3c8df5e3d6e5165d9e6147dc1]
 ignore:


=====================================
issues/CVE-2019-13648.yml
=====================================
@@ -2,6 +2,7 @@ description: 'powerpc/tm: Fix oops on sigreturn on systems without TM'
 references:
 - https://patchwork.ozlabs.org/patch/1133904/
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648
+- https://www.openwall.com/lists/oss-security/2019/07/30/1
 comments:
   Debian-bwh: |-
     We have disabled CONFIG_PPC_TRANSACTIONAL_MEM in 4.9.184-1 for
@@ -11,6 +12,11 @@ reporters:
 introduced-by:
   mainline: [2b0a576d15e0e14751f00f9c87e46bad27f217e7]
 fixed-by:
+  linux-4.14.y: [26bee6ef0d72193d58a085610fe49169d23baa83]
+  linux-4.19.y: [b993a66d8ddc1c26da0d9aa3471789cc170b28ee]
+  linux-4.4.y: [e67fd28f9ed887d0c8124bda96b66dab87823eac]
+  linux-4.9.y: [08ee34d86c9c6a9b93c0986d7fc6e272690e8d24]
+  linux-5.2.y: [8716e8d122e12799eff9e92c05fdabba31d47b2f]
   mainline: [f16d80b75a096c52354c6e0a574993f3b0dfbdfe]
 ignore:
   linux-4.19.y-cip: No members are using powerpc


=====================================
issues/CVE-2019-14283.yml
=====================================
@@ -1,6 +1,14 @@
 description: 'floppy: fix out-of-bounds read in copy_buffer'
+references:
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283
+- https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
+introduced-by:
+  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
 fixed-by:
+  linux-4.14.y: [80637a906eded08e04ed8a6fbbdd2b8112eaa387]
   linux-4.19.y: [ff54c44f103825a426e46d08b5d3d76e44791a87]
+  linux-4.4.y: [d105eaf5fb67a193df8fe72e64690c43e343a560]
+  linux-4.9.y: [1fdefbb5bc70ff20ea49083c6984aae86e3ecf93]
   linux-5.2.y: [d39c2e97277229970fe2ae56dcbf67a535e14873]
   mainline: [da99466ac243f15fbba65bd261bfc75ffa1532b6]
 ignore:


=====================================
issues/CVE-2019-14284.yml
=====================================
@@ -1,6 +1,14 @@
 description: 'floppy: fix div-by-zero in setup_format_params'
+references:
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14284
+- https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
+introduced-by:
+  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
 fixed-by:
+  linux-4.14.y: [a904a690ea0317fcd88c5b9dfef40ef0f98d9530]
   linux-4.19.y: [6e34fd07484a0622a17b40e0ca89ed451260ef45]
+  linux-4.4.y: [26d6284d5d392bd96c414f745bcbf3620e93c8fd]
+  linux-4.9.y: [604206cde7a6c1907f6f03d90c37505a45ef1b62]
   linux-5.2.y: [697c0af7468a941522c1e26345aa5128fa2a4815]
   mainline: [f3554aeb991214cbfafd17d55e2bfddb50282e32]
 ignore:


=====================================
issues/CVE-2019-3900.yml
=====================================
@@ -12,5 +12,7 @@ introduced-by:
 fixed-by:
   linux-4.14.y: [ae446749492d8bd23f1d0b81adba16e5739dc740, 46c7fce709dccb4b0e4a5a06bfacdf2bb1a4fc43,
     011942d12cc28c58fdeb2ca77e745c4c370fc250]
+  linux-4.19.y: [3af3b843aee41ed22343b011a4cf3812a80d2f38, 239910101c4ebf91a00e6f4a81ac3144b121f0c4,
+    02cdc166128cf9cb2be4786b997eebbc0b976bfa]
   mainline: [e2412c07f8f3040593dfb88207865a3cd58680c0, e79b431fb901ba1106670bcc80b9b617b25def7d,
     c1ea02f15ab5efb3e93fc3144d895410bf79fcf2]



View it on GitLab: https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/compare/9ff7bd4ee1ec373015f0e2d2c9921f68f384635d...58c5886331a7cf41190f22eeaaa1ee7a03f3eb44
