From 7811bf54c3fa03d431c7825d00b939213fa07553 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 13 Dec 2020 23:34:31 +0100
Subject: Fill in status for several issues

---
 active/CVE-2020-16120 | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'active/CVE-2020-16120')

diff --git a/active/CVE-2020-16120 b/active/CVE-2020-16120
index fbf03408..fb8cd0f8 100644
--- a/active/CVE-2020-16120
+++ b/active/CVE-2020-16120
@@ -11,11 +11,13 @@ Notes:
  carnil> Only exploitable when unprivileged user namespaces are enabled.
  bwh> I think it's only exploitable when unprivileged user namespace
  bwh> are enabled, *and* mounting of overlayfs is permitted in all
- bwh> user namespaces.
+ bwh> user namespaces.  This is not possible in the upstream or stable
+ bwh> kernels, or in a default Debian configuration, but we do provide
+ bwh> run-time configuration knobs to enable these.
 Bugs:
 upstream: released (5.8-rc1) [48bd024b8a40d73ad6b086de2615738da0c7004f, 56230d956739b9cb1cbde439d76227d77979a04d, 05acefb4872dae89e772729efb194af754c877e8]
-4.19-upstream-stable:
-4.9-upstream-stable:
+4.19-upstream-stable: N/A "Vulnerable configuration not possible"
+4.9-upstream-stable: N/A "Vulnerable configuration not possible"
 sid: released (5.8.7-1)
-4.19-buster-security:
-4.9-stretch-security:
+4.19-buster-security: needed
+4.9-stretch-security: N/A "Vulnerable configuration not possible"
-- 
cgit v1.2.3