blob: 5190a9cc86276db503255eb0c1c97aac78194a5e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Description: perf: Tighten (and fix) the grouping condition
References:
https://source.android.com/security/bulletin/2017-05-01
Notes:
carnil> According to upstream commit it should fix
carnil> 9fc81d87420d ("perf: Fix events installation
carnil> during moving group"), which is in 3.19-rc1.
carnil> so might actually be not affecting any other
carnil> release, but needs check
nsl> 9fc81d87420d was backported to 3.16 in 3.16.35
nsl> along with the fix. 3.16 was likely never
nsl> vulnerable, but nonetheless has the fix.
carnil> 9fc81d87420d backported to 3.16.7-ckt4
carnil> c3c87e770458 backported to 3.16.7-ckt6
carnil> the fix for 3.16 is as well in 3.16.35 thus
canril> no release in 3.16-upstream-stable contained
carnil> the vulnerability.
carnil> So the issue was introduced and fixed in two
carnil> different releases still while beeing maintained
carnil> by the Ubuntu Kernel team and before "upstreamed"
carnil> back.
Bugs:
upstream: released (3.19-rc7) [c3c87e770458aa004bd7ed3f29945ff436fd6511]
4.9-upstream-stable: N/A "Fixed before branching point"
3.16-upstream-stable: released (3.16.35) [08446eea4a583919b979915f4dec2fa94ac6186c]
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (3.16.7-ckt7-1)
3.16-jessie-security: N/A "Fixed before branching point for jessie"
3.2-wheezy-security: N/A "Vulnerable code not present"
|
