Merge ~kees/ubuntu-cve-tracker:linux-cves into ubuntu-cve-tracker:master

Proposed by Kees Cook
Status: Merged
Merged at revision: 449c32e2fd6a9cfe5179e5be0a8e9d5cc9fe7792
Proposed branch: ~kees/ubuntu-cve-tracker:linux-cves
Merge into: ubuntu-cve-tracker:master
Diff against target: 243 lines (+22/-23)
18 files modified
active/CVE-2021-27365 (+2/-2)
active/CVE-2021-29154 (+1/-1)
retired/CVE-2011-4594 (+0/-1)
retired/CVE-2014-3610 (+1/-1)
retired/CVE-2014-3611 (+1/-1)
retired/CVE-2014-3645 (+1/-1)
retired/CVE-2014-3646 (+1/-1)
retired/CVE-2014-3647 (+2/-2)
retired/CVE-2014-4943 (+1/-1)
retired/CVE-2014-7826 (+1/-1)
retired/CVE-2014-8134 (+1/-1)
retired/CVE-2015-0239 (+1/-1)
retired/CVE-2015-5307 (+1/-1)
retired/CVE-2016-1575 (+2/-2)
retired/CVE-2016-1576 (+2/-2)
retired/CVE-2017-7184 (+2/-2)
retired/CVE-2019-14895 (+1/-1)
retired/CVE-2019-14901 (+1/-1)
Reviewer: Steve Beattie
Review status: Approve
Review via email: mp+408583@code.launchpad.net

Commit message

Cleaning up some kernel break/fix entries from the distant past and very recent.

Thadeu Lima de Souza Cascardo (cascardo) wrote :

On Tue, Sep 14, 2021 at 04:15:47PM -0000, Kees Cook wrote:
> Kees Cook has proposed merging ~kees/ubuntu-cve-tracker:linux-cves into ubuntu-cve-tracker:master.
>
> Commit message:
> Cleaning up some kernel break/fix entries from the distant past and very recent.
>
> Requested reviews:
> Ubuntu Security Team (ubuntu-security)
>
> For more details, see:
> https://code.launchpad.net/~kees/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/408583

Hi, Kees.

Thanks a lot for your work on this. Here is my take on some of these.

> --
> Your team Ubuntu Security Team is requested to review the proposed merge of ~kees/ubuntu-cve-tracker:linux-cves into ubuntu-cve-tracker:master.

> diff --git a/active/CVE-2021-27365 b/active/CVE-2021-27365
> index dd06602..1e7aef6 100644
> --- a/active/CVE-2021-27365
> +++ b/active/CVE-2021-27365
> @@ -33,8 +33,8 @@ CVSS:
> nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
>
> Patches_linux:
> - break-fix: - f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
> - break-fix: - ec98ea7070e94cc25a422ec97d1421e28d97b7ee
> + break-fix: 23d6fefbb3f6b1cc29794427588b470ed06ff64e f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5

This doesn't make sense. 23d6fefbb3f6 ("scsi: iscsi: Fix in-kernel conn
failure handling") comes after f9dbdf97a5bd ("scsi: iscsi: Verify lengths
on passthrough PDUs"). This looks more like 0896b7523026 ("[SCSI]
open-iscsi/linux-iscsi-5 Initiator: Transport class update for iSCSI"),
from 2005.

> + break-fix: a54a52caad4bd6166cb7fa64e4e93031fa2fda5d ec98ea7070e94cc25a422ec97d1421e28d97b7ee

a54a52caad4b ("[SCSI] iscsi: fixup set/get param functions") is so old that
I wouldn't bother adding it. We only support trusty and newer anyway.
However, we do add 1da177 as a break commit sometimes. I think the most use
of it is stating "the break commit is known". Because anything earlier than
v3.13 will give us the same triage results.

> upstream_linux: released (5.12~rc2)
> precise/esm_linux: ignored (was needs-triage ESM criteria)
> trusty_linux: ignored (out of standard support)
> diff --git a/active/CVE-2021-29154 b/active/CVE-2021-29154
> index ee3abb3..2559949 100644
> --- a/active/CVE-2021-29154
> +++ b/active/CVE-2021-29154
> @@ -29,7 +29,7 @@ CVSS:
> nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
>
> Patches_linux:
> - break-fix: - e4d4d456436bfb2fe412ee2cd489f7658449b098
> + break-fix: 0a14842f5a3c0e88a1e59fac5c3025db39721f74 e4d4d456436bfb2fe412ee2cd489f7658449b098

OK, this is the commit that introduces BPF JIT. Finding a break commit here
would help us determine whether trusty is vulnerable. We know this can be
exploited with eBPF, but no idea if cBPF could be used here. And, then,
would the initial JIT implementation be vulnerable, or would it require
some later commit? I still would rather leave the break commit as "-",
stating that we still need to investigate this.

The remaining changes are retired CVEs. Do you know or expect that any of
the changes would result in a different set of currently supported kernels
being vulnerable when we thought they were not? Otherwise, would this be
consumed for kernels other than Ubuntu ones that would make it worth
reviewing and merging?

Thanks a lot.
Cas...

Steve Beattie (sbeattie) wrote :

Hey Kees,

Cascardo has already commented on the CVEs in the active directory. Most
of the retired CVE changes look fine, the only two that are a problem
are:

> --- a/retired/CVE-2016-1575
> +++ b/retired/CVE-2016-1575
> @@ -39,8 +39,8 @@ CVSS:
> nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
>
> Patches_linux:
> - break-fix: - 1175b6b8d96331676f1d436b089b965807f23b4a
> - break-fix: - local-2016-1575-2
> + break-fix: e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c 1175b6b8d96331676f1d436b089b965807f23b4a
> + break-fix: local-2016-1575-2-break local-2016-1575-2
> upstream_linux: needed
> precise_linux: ignored (reached end-of-life)
> precise/esm_linux: not-affected (no user-namespace mounts)
> diff --git a/retired/CVE-2016-1576 b/retired/CVE-2016-1576
> index a87ae91..0e7bed8 100644
> --- a/retired/CVE-2016-1576
> +++ b/retired/CVE-2016-1576
> @@ -40,8 +40,8 @@ CVSS:
> nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
>
> Patches_linux:
> - break-fix: - local-2016-1576-1
> - break-fix: - local-2016-1576-2
> + break-fix: e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c local-2016-1576-1|e9f57ebcba563e0cd532926cab83c92bb4d79360
> + break-fix: local-2016-1576-2-break local-2016-1576-2
> upstream_linux: needed
> Priority_linux_precise: low
> Priority_linux_precise/esm: low
> diff --git a/retired/CVE-2017-7184 b/retired/CVE-2017-7184
> index 167f349..7dff1d9 100644

Neither added breaks entries, local-2016-1575-2-break or
local-2016-1576-2-break, are defined in active/10autotriage.linux. I
*think* all commits here should have an alternation
between e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c or a
locally defined identifier for the git commit that pulled
back overlayfs into trusty's kernel, which I believe is
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/trusty/commit/?id=4d83812e9f64ea7a5be1d8c220e9534684ad74bd

I'll try and fix it up tomorrow.

Thanks for trying to get the records straight!

--
Steve Beattie
<email address hidden>
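
An added example (not the tracker's own tooling): a small lint for the break-fix lines discussed in this review. It flags local-* identifiers that are missing from a caller-supplied set of defined names, and lines that lost a field, as happens when mail wrapping splits a break-fix line. The function names, the sample entry (constructed from lines quoted on this page) and the contents of the defined set are assumptions; the format of active/10autotriage.linux is not shown here, so it is not parsed.

```python
import re

# A full commit id as used on the page: 40 lowercase hex characters.
SHA_RE = re.compile(r"[0-9a-f]{40}")


def parse_break_fix(line):
    """Return (breaks, fixes) for a 'break-fix:' line, None for any other line."""
    key, sep, rest = line.strip().partition(":")
    if not sep or key != "break-fix":
        return None
    fields = rest.split()
    if len(fields) != 2:
        raise ValueError("expected '<break> <fix>', found %d field(s)" % len(fields))
    # '|' separates alternative references on the same side.
    return fields[0].split("|"), fields[1].split("|")


def check_ref(ref, defined_local_ids):
    """Return a problem description for one reference, or None if it looks sane."""
    if ref == "-":                      # placeholder seen on the page
        return None
    if ref.startswith("local-"):
        if ref in defined_local_ids:
            return None
        return "undefined local identifier %s" % ref
    if SHA_RE.fullmatch(ref):
        return None
    return "not a full 40-hex commit id: %s" % ref


def lint_entry(text, defined_local_ids):
    """Lint every break-fix line in a CVE entry; returns [(line_number, message)]."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_break_fix(line)
        except ValueError as exc:
            findings.append((lineno, str(exc)))
            continue
        if parsed is None:
            continue
        for side, refs in zip(("break", "fix"), parsed):
            for ref in refs:
                problem = check_ref(ref, defined_local_ids)
                if problem:
                    findings.append((lineno, "%s: %s" % (side, problem)))
    return findings


# Constructed sample: break-fix lines taken from several hunks on this page,
# plus one line truncated the way the mail-wrapped quotes are.
SAMPLE = """\
Patches_linux:
 break-fix: e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c 1175b6b8d96331676f1d436b089b965807f23b4a
 break-fix: local-2016-1575-2-break local-2016-1575-2
 break-fix: - local-2019-14895-fix|3d94a4a8373bf5f45cf5f939e88b8354dbf2311b
 break-fix: 23d6fefbb3f6b1cc29794427588b470ed06ff64e
upstream_linux: needed
"""

# Assumption: the pre-existing fix identifiers are defined; the new
# "-break" identifier is not, as the review comment above points out.
DEFINED = {"local-2016-1575-2", "local-2019-14895-fix"}

if __name__ == "__main__":
    for lineno, message in lint_entry(SAMPLE, DEFINED):
        print("line %d: %s" % (lineno, message))
```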

Kees Cook (kees) wrote :

> On Tue, Sep 14, 2021 at 04:15:47PM -0000, Kees Cook wrote:
> > Kees Cook has proposed merging ~kees/ubuntu-cve-tracker:linux-cves into ubuntu-cve-tracker:master.
>
> Hi, Kees.
>
> Thanks a lot for your work on this. Here is my take on some of these.

Hi! Thanks for the review. :)

> > diff --git a/active/CVE-2021-27365 b/active/CVE-2021-27365
> > index dd06602..1e7aef6 100644
> > --- a/active/CVE-2021-27365
> > +++ b/active/CVE-2021-27365
> > @@ -33,8 +33,8 @@ CVSS:
> > nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
> >
> > Patches_linux:
> > - break-fix: - f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
> > - break-fix: - ec98ea7070e94cc25a422ec97d1421e28d97b7ee
> > + break-fix: 23d6fefbb3f6b1cc29794427588b470ed06ff64e
> f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
>
> This doesn't make sense. 23d6fefbb3f6 ("scsi: iscsi: Fix in-kernel conn
> failure handling") comes after f9dbdf97a5bd ("scsi: iscsi: Verify lengths
> on passthrough PDUs"). This looks more like 0896b7523026 ("[SCSI]
> open-iscsi/linux-iscsi-5 Initiator: Transport class update for iSCSI"),
> from 2005.

Whoops! Yes, this is a mispaste it seems. I agree, 0896b7523026 is best here.

>
> > + break-fix: a54a52caad4bd6166cb7fa64e4e93031fa2fda5d
> ec98ea7070e94cc25a422ec97d1421e28d97b7ee
>
> a54a52caad4b ("[SCSI] iscsi: fixup set/get param functions") is so old that
> I wouldn't bother adding it. We only support trusty and newer anyway.
> However, we do add 1da177 as a break commit sometimes. I think the most use
> of it is stating "the break commit is known". Because anything earlier than
> v3.13 will give us the same triage results.

I regularly do historical CVE flaw lifetime analysis (see the lifetime graph, slide 5, at https://outflux.net/slides/2019/lss/kspp.pdf), so it's worth it to me to have these as correctly triaged as possible. (i.e. it doesn't hurt to have it recorded.)

> > diff --git a/active/CVE-2021-29154 b/active/CVE-2021-29154
> > index ee3abb3..2559949 100644
> > --- a/active/CVE-2021-29154
> > +++ b/active/CVE-2021-29154
> > @@ -29,7 +29,7 @@ CVSS:
> > nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
> >
> > Patches_linux:
> > - break-fix: - e4d4d456436bfb2fe412ee2cd489f7658449b098
> > + break-fix: 0a14842f5a3c0e88a1e59fac5c3025db39721f74
> e4d4d456436bfb2fe412ee2cd489f7658449b098
>
> OK, this is the commit that introduces BPF JIT. Finding a break commit here
> would help us determine whether trusty is vulnerable. We know this can be
> exploited with eBPF, but no idea if cBPF could be used here. And, then,
> would the initial JIT implementation be vulnerable, or would it require
> some later commit? I still would rather leave the break commit as "-",
> stating that we still need to investigate this.

This is correct, though. It was specifically the x86_64 JIT that was broken (and that's what the fix fixes). This correctly maps to the next line, which is for i386:

> break-fix: 03f5781be2c7b7e728d724ac70ba10799cc710d7 26f55a59dc65ff77cd1c4b37991e26497fc68049

See the note at the end of e4d4d456436bfb2fe412ee2cd489f7658449b098, which discusses the split of fixes between x86_64 and i386.

Regardless, as "-" effectively means "beginning of GIT history", the in...


Kees Cook (kees) wrote :

> Hey Kees,
>
> Cascardo has already commented on the CVEs in the active directory. Most
> of the retired CVE changes look fine, the only two that are a problem
> are:
>
> > --- a/retired/CVE-2016-1575
> > +++ b/retired/CVE-2016-1575
> > @@ -39,8 +39,8 @@ CVSS:
> > nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
> >
> > Patches_linux:
> > - break-fix: - 1175b6b8d96331676f1d436b089b965807f23b4a
> > - break-fix: - local-2016-1575-2
> > + break-fix: e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c
> 1175b6b8d96331676f1d436b089b965807f23b4a
> > + break-fix: local-2016-1575-2-break local-2016-1575-2
> > upstream_linux: needed
> > precise_linux: ignored (reached end-of-life)
> > precise/esm_linux: not-affected (no user-namespace mounts)
> > diff --git a/retired/CVE-2016-1576 b/retired/CVE-2016-1576
> > index a87ae91..0e7bed8 100644
> > --- a/retired/CVE-2016-1576
> > +++ b/retired/CVE-2016-1576
> > @@ -40,8 +40,8 @@ CVSS:
> > nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
> >
> > Patches_linux:
> > - break-fix: - local-2016-1576-1
> > - break-fix: - local-2016-1576-2
> > + break-fix: e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c
> local-2016-1576-1|e9f57ebcba563e0cd532926cab83c92bb4d79360
> > + break-fix: local-2016-1576-2-break local-2016-1576-2
> > upstream_linux: needed
> > Priority_linux_precise: low
> > Priority_linux_precise/esm: low
> > diff --git a/retired/CVE-2017-7184 b/retired/CVE-2017-7184
> > index 167f349..7dff1d9 100644
>
> Neither added breaks entries, local-2016-1575-2-break or
> local-2016-1576-2-break, are defined in active/10autotriage.linux. I
> *think* all commits here should have an alternation
> between e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c or a
> locally defined identifier for the git commit that pulled
> back overlayfs into trusty's kernel, which I believe is
> https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/trusty/commit/?id=4d83812e9f64ea7a5be1d8c220e9534684ad74bd
>
> I'll try and fix it up tomorrow.
>
> Thanks for trying to get the records straight!

Ah-ha! Thanks for the reference -- I wasn't sure where the "local-*" stuff lived, and I wasn't sure it wasn't just a magic value. :) Thanks for finding the backport sha -- that seems a much better reference. Let me fix that now...

Kees Cook (kees) wrote :

Ok, a393fe5f1d52 updated with both review comment threads. Thanks!

Steve Beattie (sbeattie) wrote :

Thanks, I touched up the breaks entries and merged your fixes in https://git.launchpad.net/ubuntu-cve-tracker/commit/?id=449c32e2fd6a9cfe5179e5be0a8e9d5cc9fe7792

review: Approve

Preview Diff

1diff --git a/active/CVE-2021-27365 b/active/CVE-2021-27365
2index b1adc58..3b30b1c 100644
3--- a/active/CVE-2021-27365
4+++ b/active/CVE-2021-27365
5@@ -33,8 +33,8 @@ CVSS:
6 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7
8 Patches_linux:
9- break-fix: - f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
10- break-fix: - ec98ea7070e94cc25a422ec97d1421e28d97b7ee
11+ break-fix: 0896b752302662909b52895bd7f601136001069d f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
12+ break-fix: a54a52caad4bd6166cb7fa64e4e93031fa2fda5d ec98ea7070e94cc25a422ec97d1421e28d97b7ee
13 upstream_linux: released (5.12~rc2)
14 precise/esm_linux: ignored (was needs-triage ESM criteria)
15 trusty_linux: ignored (out of standard support)
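Review bot: Line 12 records a54a52caad4b... as the break for ec98ea7070e9..., a commit the review thread describes as older than any supported series, and the entry gives no reason why the two fixes at lines 11 and 12 have different breaks. The value is harmless for triage (the context shows trusty_linux as ignored) and useful for lifetime analysis, but suggest a short note in the CVE file naming the subjects of 0896b7523026 and a54a52caad4b, so the next reader does not have to resolve both SHAs by hand.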
16diff --git a/active/CVE-2021-29154 b/active/CVE-2021-29154
17index 7c5910c..45156b9 100644
18--- a/active/CVE-2021-29154
19+++ b/active/CVE-2021-29154
20@@ -29,7 +29,7 @@ CVSS:
21 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
22
23 Patches_linux:
24- break-fix: - e4d4d456436bfb2fe412ee2cd489f7658449b098
25+ break-fix: 0a14842f5a3c0e88a1e59fac5c3025db39721f74 e4d4d456436bfb2fe412ee2cd489f7658449b098
26 break-fix: 03f5781be2c7b7e728d724ac70ba10799cc710d7 26f55a59dc65ff77cd1c4b37991e26497fc68049
27 upstream_linux: released (5.12~rc7)
28 precise/esm_linux: ignored (end of ESM support, was needs-triage)
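Review bot: The break added at line 25, 0a14842f5a3c..., is identified in the thread only as the commit that introduced the BPF JIT, and the question raised there (whether the initial JIT implementation was already affected) is not answered anywhere in the file. Lines 25 and 26 also look like duplicates but, per the author's reply, cover x86_64 and i386 respectively. Suggest recording both points in the entry's notes, for example that 0a14842f5a3c is the JIT introduction and is used as the earliest possible break for the x86_64 fix.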
29diff --git a/retired/CVE-2011-4594 b/retired/CVE-2011-4594
30index b889018..cdbb29c 100644
31--- a/retired/CVE-2011-4594
32+++ b/retired/CVE-2011-4594
33@@ -26,7 +26,6 @@ CVSS:
34
35 Patches_linux:
36 break-fix: c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a bc909d9ddbf7778371e36a651d6e4194b1cc7d4c
37- break-fix: 5b47b8038f183b44d2d8ff1c7d11a5c1be706b34 bc909d9ddbf7778371e36a651d6e4194b1cc7d4c
38 upstream_linux: released (3.1~rc5)
39 hardy_linux: not-affected
40 lucid_linux: not-affected
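Review bot: Line 37 drops the pair 5b47b8038f18... / bc909d9ddbf7... with no explanation in the commit message, leaving c71d8ebe7a44... at line 36 as the only break for the same fix. If 5b47b8038f18 was simply a wrong break, say so in the commit message; if either commit can introduce the flaw, the `|` alternation used at line 183 of this diff would keep that information on a single line instead of discarding it.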
41diff --git a/retired/CVE-2014-3610 b/retired/CVE-2014-3610
42index 52e1c0c..e3902fd 100644
43--- a/retired/CVE-2014-3610
44+++ b/retired/CVE-2014-3610
45@@ -56,7 +56,7 @@ CVSS:
46 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
47
48 Patches_linux:
49- break-fix: - 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
50+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
51 upstream_linux: released (3.18~rc2)
52 lucid_linux: released (2.6.32-71.138)
53 precise_linux: released (3.2.0-72.107)
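Review bot: The break added at line 50, 6aa8b732ca01..., is the same commit this patch assigns to eight retired entries (CVE-2014-3610, -3611, -3645, -3646, -3647, -8134, CVE-2015-0239 and CVE-2015-5307), each with a different fix. A break shared by that many unrelated fixes reads as "present since the code was added" rather than as a specific regression. That is a legitimate value, but the commit message should state that this convention is being applied, so these entries are not later mistaken for individually bisected breaks.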
54diff --git a/retired/CVE-2014-3611 b/retired/CVE-2014-3611
55index 9593266..a0baa66 100644
56--- a/retired/CVE-2014-3611
57+++ b/retired/CVE-2014-3611
58@@ -49,7 +49,7 @@ CVSS:
59 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
60
61 Patches_linux:
62- break-fix: - 2febc839133280d5a5e8e1179c94ea674489dae2
63+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 2febc839133280d5a5e8e1179c94ea674489dae2
64 upstream_linux: released (3.18~rc2)
65 lucid_linux: released (2.6.32-71.138)
66 precise_linux: released (3.2.0-72.107)
67diff --git a/retired/CVE-2014-3645 b/retired/CVE-2014-3645
68index 9a8e0cc..196feb6 100644
69--- a/retired/CVE-2014-3645
70+++ b/retired/CVE-2014-3645
71@@ -30,7 +30,7 @@ Assigned-to:
72 CVSS:
73
74 Patches_linux:
75- break-fix: - bfd0a56b90005f8c8a004baf407ad90045c2b11e
76+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 bfd0a56b90005f8c8a004baf407ad90045c2b11e
77 upstream_linux: released (3.12~rc1)
78 lucid_linux: ignored (reached end-of-life)
79 precise_linux: released (3.2.0-72.107)
80diff --git a/retired/CVE-2014-3646 b/retired/CVE-2014-3646
81index 18417af..a616847 100644
82--- a/retired/CVE-2014-3646
83+++ b/retired/CVE-2014-3646
84@@ -47,7 +47,7 @@ CVSS:
85 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
86
87 Patches_linux:
88- break-fix: - a642fc305053cc1c6e47e4f4df327895747ab485
89+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 a642fc305053cc1c6e47e4f4df327895747ab485
90 upstream_linux: released (3.18~rc2)
91 lucid_linux: ignored (reached end-of-life)
92 precise_linux: released (3.2.0-72.107)
93diff --git a/retired/CVE-2014-3647 b/retired/CVE-2014-3647
94index 607f12a..f6aa58c 100644
95--- a/retired/CVE-2014-3647
96+++ b/retired/CVE-2014-3647
97@@ -46,8 +46,8 @@ CVSS:
98 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
99
100 Patches_linux:
101- break-fix: - 234f3ce485d54017f15cf5e0699cff4100121601
102- break-fix: - d1442d85cc30ea75f7d399474ca738e0bc96f715
103+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 234f3ce485d54017f15cf5e0699cff4100121601
104+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 d1442d85cc30ea75f7d399474ca738e0bc96f715
105 upstream_linux: released (3.18~rc2)
106 lucid_linux: ignored (reached end-of-life)
107 precise_linux: released (3.2.0-72.107)
108diff --git a/retired/CVE-2014-4943 b/retired/CVE-2014-4943
109index c028d2e..841d099 100644
110--- a/retired/CVE-2014-4943
111+++ b/retired/CVE-2014-4943
112@@ -34,7 +34,7 @@ Assigned-to:
113 CVSS:
114
115 Patches_linux:
116- break-fix: - 3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
117+ break-fix: 3557baabf28088f49bdf72a048fd33ab62e205b1 3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
118 upstream_linux: released (3.16~rc6)
119 lucid_linux: released (2.6.32-64.128)
120 precise_linux: released (3.2.0-67.101)
121diff --git a/retired/CVE-2014-7826 b/retired/CVE-2014-7826
122index cb088e3..d5d53e5 100644
123--- a/retired/CVE-2014-7826
124+++ b/retired/CVE-2014-7826
125@@ -34,7 +34,7 @@ CVSS:
126 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
127
128 Patches_linux:
129- break-fix: - 086ba77a6db00ed858ff07451bedee197df868c9
130+ break-fix: bed1ffca022cc876fb83161d26670e9b5d3cf36b 086ba77a6db00ed858ff07451bedee197df868c9
131 upstream_linux: released (3.18~rc3)
132 lucid_linux: not-affected (depends on CONFIG_FTRACE_SYSCALLS)
133 precise_linux: released (3.2.0-73.108)
134diff --git a/retired/CVE-2014-8134 b/retired/CVE-2014-8134
135index f5c21f1..faf3faa 100644
136--- a/retired/CVE-2014-8134
137+++ b/retired/CVE-2014-8134
138@@ -37,7 +37,7 @@ CVSS:
139 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
140
141 Patches_linux:
142- break-fix: - 29fa6825463c97e5157284db80107d1bfac5d77b
143+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 29fa6825463c97e5157284db80107d1bfac5d77b
144 upstream_linux: released (3.19~rc1)
145 lucid_linux: released (2.6.32-70.137)
146 precise_linux: released (3.2.0-74.109)
147diff --git a/retired/CVE-2015-0239 b/retired/CVE-2015-0239
148index 0cd0947..0170d39 100644
149--- a/retired/CVE-2015-0239
150+++ b/retired/CVE-2015-0239
151@@ -34,7 +34,7 @@ Assigned-to:
152 CVSS:
153
154 Patches_linux:
155- break-fix: - f3747379accba8e95d70cec0eae0582c8c182050
156+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 f3747379accba8e95d70cec0eae0582c8c182050
157 upstream_linux: released (3.19~rc6)
158 lucid_linux: ignored (reached end-of-life)
159 precise_linux: released (3.2.0-77.112)
160diff --git a/retired/CVE-2015-5307 b/retired/CVE-2015-5307
161index a1ff897..c307ccd 100644
162--- a/retired/CVE-2015-5307
163+++ b/retired/CVE-2015-5307
164@@ -39,7 +39,7 @@ Assigned-to:
165 CVSS:
166
167 Patches_linux:
168- break-fix: - 54a20552e1eae07aa240fa370a0293e006b5faed
169+ break-fix: 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 54a20552e1eae07aa240fa370a0293e006b5faed
170 upstream_linux: released (4.4~rc1)
171 precise_linux: released (3.2.0-94.134)
172 precise/esm_linux: released (3.2.0-94.134)
173diff --git a/retired/CVE-2016-1575 b/retired/CVE-2016-1575
174index ea35449..e5e0219 100644
175--- a/retired/CVE-2016-1575
176+++ b/retired/CVE-2016-1575
177@@ -39,8 +39,8 @@ CVSS:
178 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
179
180 Patches_linux:
181- break-fix: - 1175b6b8d96331676f1d436b089b965807f23b4a
182- break-fix: - local-2016-1575-2
183+ break-fix: 4d83812e9f64ea7a5be1d8c220e9534684ad74bd|e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c 1175b6b8d96331676f1d436b089b965807f23b4a
184+ break-fix: 4d83812e9f64ea7a5be1d8c220e9534684ad74bd local-2016-1575-2
185 upstream_linux: needed
186 precise_linux: ignored (reached end-of-life)
187 precise/esm_linux: not-affected (no user-namespace mounts)
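Review bot: Lines 183 and 184 are inconsistent: the first break is the alternation 4d83812e9f64...|e9be9d5e76e3..., the second is 4d83812e9f64... alone. Per the review thread, 4d83812e9f64 is the trusty-tree commit that pulled overlayfs back rather than an upstream commit, and the earlier review comment asked for every break here to be an alternation. If the upstream id is left off line 184 on purpose because local-2016-1575-2 exists only in Ubuntu kernels, note that in the file; otherwise add |e9be9d5e76e3... there as well. The same applies to lines 198 and 199 in the CVE-2016-1576 hunk.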
188diff --git a/retired/CVE-2016-1576 b/retired/CVE-2016-1576
189index a87ae91..612a4f7 100644
190--- a/retired/CVE-2016-1576
191+++ b/retired/CVE-2016-1576
192@@ -40,8 +40,8 @@ CVSS:
193 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
194
195 Patches_linux:
196- break-fix: - local-2016-1576-1
197- break-fix: - local-2016-1576-2
198+ break-fix: 4d83812e9f64ea7a5be1d8c220e9534684ad74bd|e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c local-2016-1576-1|e9f57ebcba563e0cd532926cab83c92bb4d79360
199+ break-fix: 4d83812e9f64ea7a5be1d8c220e9534684ad74bd local-2016-1576-2
200 upstream_linux: needed
201 Priority_linux_precise: low
202 Priority_linux_precise/esm: low
203diff --git a/retired/CVE-2017-7184 b/retired/CVE-2017-7184
204index 167f349..7dff1d9 100644
205--- a/retired/CVE-2017-7184
206+++ b/retired/CVE-2017-7184
207@@ -42,8 +42,8 @@ CVSS:
208 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
209
210 Patches_linux:
211- break-fix: - 677e806da4d916052585301785d847c3b3e6186a
212- break-fix: - f843ee6dd019bcece3e74e76ad9df0155655d0df
213+ break-fix: d51d081d65048a7a6f9956a7809c3bb504f3b95d 677e806da4d916052585301785d847c3b3e6186a
214+ break-fix: d51d081d65048a7a6f9956a7809c3bb504f3b95d f843ee6dd019bcece3e74e76ad9df0155655d0df
215 upstream_linux: released (4.11~rc5)
216 precise_linux: released (3.2.0-125.168)
217 precise/esm_linux: released (3.2.0-125.168)
218diff --git a/retired/CVE-2019-14895 b/retired/CVE-2019-14895
219index 7cc738a..9a32611 100644
220--- a/retired/CVE-2019-14895
221+++ b/retired/CVE-2019-14895
222@@ -34,7 +34,7 @@ CVSS:
223 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
224
225 Patches_linux:
226- break-fix: - local-2019-14895-fix
227+ break-fix: - local-2019-14895-fix|3d94a4a8373bf5f45cf5f939e88b8354dbf2311b
228 upstream_linux: needed
229 precise/esm_linux: ignored (was needs-triage ESM criteria)
230 trusty_linux: ignored (out of standard support)
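Review bot: Line 227 adds 3d94a4a8373b... as an alternative fix but leaves the break as "-" and the context line upstream_linux as "needed". If 3d94a4a8373b is the upstream fix, the upstream_linux status beside it is stale and should be updated in the same change. Since this merge is about filling in break commits, either supply one here or note why it stays "-". The CVE-2019-14901 hunk has the same pattern at line 240.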
231diff --git a/retired/CVE-2019-14901 b/retired/CVE-2019-14901
232index 55b2aa0..b56ec9d 100644
233--- a/retired/CVE-2019-14901
234+++ b/retired/CVE-2019-14901
235@@ -36,7 +36,7 @@ CVSS:
236 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
237
238 Patches_linux:
239- break-fix: - local-2019-14901-fix
240+ break-fix: - local-2019-14901-fix|1e58252e334dc3f3756f424a157d1b7484464c40
241 upstream_linux: needed
242 precise/esm_linux: ignored (was needs-triage ESM criteria)
243 trusty_linux: ignored (out of standard support)
