Re: working for wheezy-security until wheezy-lts starts

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Guido Günther <agx@sigxcpu.org>, Mike Gabriel <sunweaver@debian.org>, debian-lts@lists.debian.org, team@security.debian.org
Subject: Re: working for wheezy-security until wheezy-lts starts
From: Brian May <bam@debian.org>
Date: Tue, 22 Mar 2016 10:16:24 +1100
Message-id: <[🔎] 871t73o20n.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 874mbzo3i2.fsf@prune.linuxpenguins.xyz>
References: <20160229152546.Horde.bUTfXxHSPmDu0AWwU5x1bGj@mail.das-netzwerkteam.de> <[🔎] 20160303175559.GA22478@pisco.westfalen.local> <[🔎] 87y49n9qvo.fsf@prune.linuxpenguins.xyz> <[🔎] 20160313115209.GA6851@bogon.m.sigxcpu.org> <[🔎] 87fuvrw19o.fsf@prune.linuxpenguins.xyz> <[🔎] 20160316074449.GB30392@inutil.org> <[🔎] 8760wmx36x.fsf@prune.linuxpenguins.xyz> <[🔎] 874mbzo3i2.fsf@prune.linuxpenguins.xyz>

Brian May <bam@debian.org> writes:

>> Wonder how many of the CVEs the Ubuntu version fixes.
>
> Will have a look at this now.

Comparing the changelog with our security tracker (by hand; not sure if
anybody has written a tool to automate this, if not might be a good
idea):

Not fixed in backported Ubuntu precise version 4.1.6.1-0ubuntu0.12.04.10:
    - CVE-2014-5146 (marked No DSA)
    - CVE-2014-5149 (marked No DSA)
    - CVE-2014-8104 (marked vulnerable; description says "Linux kernel
    through 4.2.6" not sure if this means it is fixed or broken by 4.2.6)
    - CVE-2014-8341 (marked No DSA)

Fixed in backported Ubuntu precise version 4.1.6.1-0ubuntu0.12.04.10:
    - CVE-2015-2152 / XSA-119
    - CVE-2015-2752 / XSA-125
    - CVE-2015-2756 / XSA-126
    - CVE-2015-3259 / XSA-137
    - CVE-2015-5165 / XSA-140
    - CVE-2015-5307 / XSA-156
    - CVE-2015-7504 / XSA-162 (not in Debian security tracker)
    - CVE-2015-7969 / XSA-149
    - CVE-2015-7970 / XSA-150
    - CVE-2015-7971 / XSA-152
    - CVE-2015-7972 / XSA-153
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
    - CVE-2015-8550 / XSA-155
    - CVE-2015-8554 / XSA-164
    - CVE-2015-8555 / XSA-165
    - TEMP-0000000-CE3B44 / XSA-166                          
    - CVE-2016-1570 / XSA-167
    - CVE-2016-1571 / XSA-168
    - CVE-2016-2270 / XSA-154
    - CVE-2016-2271 / XSA-170
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: working for wheezy-security until wheezy-lts starts
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

References:
- Re: working for wheezy-security until wheezy-lts starts
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: working for wheezy-security until wheezy-lts starts
  - From: Brian May <bam@debian.org>
- Re: working for wheezy-security until wheezy-lts starts
  - From: Guido Günther <agx@sigxcpu.org>
- Re: working for wheezy-security until wheezy-lts starts
  - From: Brian May <bam@debian.org>
- Re: working for wheezy-security until wheezy-lts starts
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: working for wheezy-security until wheezy-lts starts
  - From: Brian May <bam@debian.org>
- Re: working for wheezy-security until wheezy-lts starts
  - From: Brian May <bam@debian.org>

Prev by Date: Re: working for wheezy-security until wheezy-lts starts
Next by Date: Re: tracking security issues without CVEs
Previous by thread: Re: working for wheezy-security until wheezy-lts starts
Next by thread: Re: working for wheezy-security until wheezy-lts starts
Index(es):
- Date
- Thread