lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1461626053.14569.30.camel@decadent.org.uk>
Date:	Tue, 26 Apr 2016 01:14:13 +0200
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Willy Tarreau <w@....eu>, Sasha Levin <sasha.levin@...cle.com>
Cc:	Jiri Slaby <jslaby@...e.cz>, Greg KH <greg@...ah.com>,
	LKML <linux-kernel@...r.kernel.org>,
	stable <stable@...r.kernel.org>, lwn@....net
Subject: Re: stable-security kernel updates

On Thu, 2016-04-21 at 16:33 +0200, Willy Tarreau wrote:
> On Thu, Apr 21, 2016 at 10:27:46AM -0400, Sasha Levin wrote:
> > 
> > This means that missing CVE fixes are quite common with stable
> > trees?
> Until someone reports they are missing :-)

Or they are unfixed upstream (there are a good few of those).

Debian has a public list of all unembargoed kernel security issues that
have CVEs (and a few that don't), with references to any upstream
commits and fixed stable versions - but only for the stable branches
that our stable releases follow.

The mapping of CVE IDs to commits may be useful to other stable
maintainers, even if the rest isn't.

svn co svn://scm.alioth.debian.org/svn/kernel-sec/

Ben.

-- 
Ben Hutchings
The generation of random numbers is too important to be left to chance.
                                                            - Robert Coveyou

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ