summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2018-1108
blob: 56547cf4d99657cee678091dcb85e6f8da40ace1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Description: random: fix crng_ready() test
References:
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
Notes:
 carnil> Commit message mentions as fixing commit for CVE-2018-1108
 carnil> 43838a23a05fbd13e47d750d3dfd77001536dd33, and related commits
 carnil> dc12baacb95f205948f64dc936a47d89ee110117 (needed for 4.13+)
 carnil> and 8ef35c866f8862df074a49a93b0309725812dea8 (needed for 4.8+)
 carnil> CVE-2018-1108 itself has "Cc: stable@kernel.org # 4.8+"
 carnil> 4.9.88-1+deb9u1 reverts the fix due to various reported regressions.
 bwh> This is finally being fixed for 4.9 through a backport of the
 bwh> random driver that includes improvements to entropy gathering and
 bwh> so avoids the regression.
Bugs:
upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33]
4.19-upstream-stable: N/A "Fixed before branch point"
4.9-upstream-stable: released (4.9.96) [4dfb3442bb7e1fb80515df4a199ca5a7a8edf900]
3.16-upstream-stable: N/A "Vulnerable code not present"
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.16.5-1)
4.19-buster-security: N/A "Fixed before branching point"
4.9-stretch-security: released (4.9.320-2)
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"

© 2014-2024 Faster IT GmbH | imprint | privacy policy