Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752104AbcDYXOg (ORCPT <rfc822;w@1wt.eu>);
	Mon, 25 Apr 2016 19:14:36 -0400
Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:33915 "EHLO
	shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1750784AbcDYXOe (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 25 Apr 2016 19:14:34 -0400
Message-ID: <1461626053.14569.30.camel@decadent.org.uk>
Subject: Re: stable-security kernel updates
From: Ben Hutchings <ben@decadent.org.uk>
To: Willy Tarreau <w@1wt.eu>, Sasha Levin <sasha.levin@oracle.com>
Cc: Jiri Slaby <jslaby@suse.cz>, Greg KH <greg@kroah.com>,
        LKML <linux-kernel@vger.kernel.org>, stable <stable@vger.kernel.org>,
        lwn@lwn.net
Date: Tue, 26 Apr 2016 01:14:13 +0200
In-Reply-To: <20160421143325.GC9930@1wt.eu>
References: <5717DD8A.4000707@oracle.com> <571876AB.2060106@suse.cz>
	 <5718B57D.4000504@oracle.com> <5718C0B8.8010609@suse.cz>
	 <5718C215.7060703@suse.cz> <20160421123918.GA2294@kroah.com>
	 <5718DB7F.2010701@oracle.com> <5718DFF3.8020306@suse.cz>
	 <5718E362.5010402@oracle.com> <20160421143325.GC9930@1wt.eu>
Content-Type: multipart/signed; micalg="pgp-sha512";
	protocol="application/pgp-signature"; boundary="=-9GdOs7X370+VSG1x6E1x"
X-Mailer: Evolution 3.18.5.1-1 
Mime-Version: 1.0
X-SA-Exim-Connect-IP: 2a02:8426:ae4:c500:9cba:69ae:962d:6167
X-SA-Exim-Mail-From: ben@decadent.org.uk
X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2000
Lines: 55


--=-9GdOs7X370+VSG1x6E1x
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, 2016-04-21 at 16:33 +0200, Willy Tarreau wrote:
> On Thu, Apr 21, 2016 at 10:27:46AM -0400, Sasha Levin wrote:
> >=20
> > This means that missing CVE fixes are quite common with stable
> > trees?
> Until someone reports they are missing :-)

Or they are unfixed upstream (there are a good few of those).

Debian has a public list of all unembargoed kernel security issues that
have CVEs (and a few that don't), with references to any upstream
commits and fixed stable versions - but only for the stable branches
that our stable releases follow.

The mapping of CVE IDs to commits may be useful to other stable
maintainers, even if the rest isn't.

svn co=C2=A0svn://scm.alioth.debian.org/svn/kernel-sec/

Ben.

--=20
Ben Hutchings
The generation of random numbers is too important to be left to chance.
                                                            - Robert Coveyo=
u

--=-9GdOs7X370+VSG1x6E1x
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCgAGBQJXHqTFAAoJEOe/yOyVhhEJnAsQAJykhQAyg0DImoJRCldxqQsK
nhsWPNYWB8XoqmQuQWBK3utelPM0QnAJ3aJj2WhViJAQWUdYpV+wktvif2d19wwH
qvQKw+PlJjcEfkh94YaakcQik9JUG0R8QpUyLsIMrLrVw4fIgyYEj6qraoaemFrX
XVhnOMCIa93iqkp2GH1WgXo9WjeV0hMB6qTA2+uNAB5JNdhPQds4je3c4JCBovR9
pXcb6NirV86GvVKAAv+VAkjikBojaDRc7OI0ApAMpI30v+npmr1NWexm5oFYK4TI
Byv0iDTXFuE32Rig3KQjYrWj3KSuLpqMm2j9abat8wCC7gMJR3JquEFirluaUyFJ
e4QdIyvs7bAS5IFkgCGJrl4Q1lP6GhwChUwxLlhFcXYDArFoAPovlBEkKNkfSum2
PXj1G0LpDfS61QWW2LWQjpX9R5e+GksD2vkqYcZpVIOqH43MNBN6wc5NY7mnz/SD
U5DhGD7v/oWqxoeBk1vC4e0pNulkfSxMUWENOZnxh0SDfImDmycX9DINM0PsWeOv
ni5T97XK7eB1fPDEDnEDQK4iEvq/19l6x79MlbxY75Fsi3CBjUww/4/VC4nVIyIx
CEn12W/h7G7UTonBQ40jzUzDNdzMw1cCjjXepUiAFgT96bBtuQh/qTJDsw9o3jNV
cIiuqZP9nwFYruZ/BXg1
=seqn
-----END PGP SIGNATURE-----

--=-9GdOs7X370+VSG1x6E1x--