diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2022-06-27 02:56:51 +0200 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-06-27 02:56:51 +0200 |
commit | efa451524c9f99c6abb5cc5ed8bbe8efff0efba6 (patch) | |
tree | c0ecdfb9d8f7fb546b4365b6c67ad103f9795c0b /active/CVE-2018-1108 | |
parent | 4cafbc97de5ca77a3ae71f2c11a52c31e0300635 (diff) |
Reactivate CVE-2018-1108 as it can now be fixed for stretch
4.9.320 includes a backport of the random driver, and this avoids the
regression that led to our reverting the fix for this issue.
Diffstat (limited to 'active/CVE-2018-1108')
-rw-r--r-- | active/CVE-2018-1108 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/active/CVE-2018-1108 b/active/CVE-2018-1108 new file mode 100644 index 00000000..5d52bb5a --- /dev/null +++ b/active/CVE-2018-1108 @@ -0,0 +1,24 @@ +Description: random: fix crng_ready() test +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=1559 +Notes: + carnil> Commit message mentions as fixing commit for CVE-2018-1108 + carnil> 43838a23a05fbd13e47d750d3dfd77001536dd33, and related commits + carnil> dc12baacb95f205948f64dc936a47d89ee110117 (needed for 4.13+) + carnil> and 8ef35c866f8862df074a49a93b0309725812dea8 (needed for 4.8+) + carnil> CVE-2018-1108 itself has "Cc: stable@kernel.org # 4.8+" + carnil> 4.9.88-1+deb9u1 reverts the fix due to various reported regressions. + bwh> This is finally being fixed for 4.9 through a backport of the + bwh> random driver that includes improvements to entropy gathering and + bwh> so avoids the regression. +Bugs: +upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.96) [4dfb3442bb7e1fb80515df4a199ca5a7a8edf900] +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.16.5-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: needed +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" |