diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2019-11-12 22:04:36 +0000 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2019-11-12 22:04:36 +0000 |
| commit | cc80e1e14dd36e7e8b24e7cf1bac005042a23e4f (patch) | |
| tree | 01e643010c0b0f86c408a999cdef43763c0b06b5 | |
| parent | 01be1555915eea5c107c85ccdd1ee3e6835a1820 (diff) | |
Update two issues that need more work to fix in 3.16
| -rw-r--r-- | active/CVE-2019-17075 | 2 | ||||
| -rw-r--r-- | active/CVE-2019-2213 | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/active/CVE-2019-17075 b/active/CVE-2019-17075 index 013addea..6ce8a1cd 100644 --- a/active/CVE-2019-17075 +++ b/active/CVE-2019-17075 @@ -8,7 +8,7 @@ Bugs: upstream: released (5.4-rc3) [3840c5b78803b2b6cc1ff820100a74a092c40cbb] 4.19-upstream-stable: released (4.19.81) [27414f90ff6e1d7f6657e4a820b04a7b2d760272] 4.9-upstream-stable: released (4.9.198) [84f5b67df81a9f333afa81855f6fa3fdcd954463] -3.16-upstream-stable: needed +3.16-upstream-stable: ignored "Not a problem in practice" sid: released (5.3.7-1) [bugfix/all/RDMA-cxgb4-Do-not-dma-memory-off-of-the-stack.patch] 4.19-buster-security: needed 4.9-stretch-security: needed diff --git a/active/CVE-2019-2213 b/active/CVE-2019-2213 index 48e9e9e4..186d2a62 100644 --- a/active/CVE-2019-2213 +++ b/active/CVE-2019-2213 @@ -2,8 +2,12 @@ Description: binder: fix possible UAF when freeing buffer References: https://lore.kernel.org/patchwork/patch/1087916/ Notes: + bwh> For branches older than 4.20, the second hunk should be applied + bwh> to binder_thread_write() instead of binder_free_buf(). bwh> For branches older than 4.14, the first hunk should be applied to bwh> binder_pop_transaction() instead of binder_free_transaction(). + bwh> It's not clear how the locking should be done for branches older + bwh> than 4.14 though. Bugs: upstream: released (5.2-rc6) [a370003cc301d4361bae20c9ef615f89bf8d1e8a] 4.19-upstream-stable: released (4.19.64) [22068d49d09d2b3890e19d7b2048a33340f992da] |