On Tue, Apr 25, 2017 at 06:07:38PM +0100, Ben Hutchings wrote: > Greg, > > I've found a number of CVEs fixed in upstream a while ago but still > affecting stable branches. The following commits should fix most of > those for 4.4: > > d29216842a85c7970c536108e093963f02714498 (CVE-2016-6213) [backported] > 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (CVE-2016-7913) > c58d6c93680f28ac58984af61d0a7ebf4319c241 (CVE-2016-7917) > 3de81b758853f0b29c61e246679d20b513c4cfec (CVE-2016-8632) [backported] > 05692d7005a364add85c6e25a6c4447ce08f913a (CVE-2016-9083, CVE-2016-9084) > 9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (CVE-2016-9120) > 43a6684519ab0a6c52024b5e25322476cabad893 (CVE-2017-2671) > 321027c1fe77f892f4ea07846aeae08cefbbb290 (CVE-2017-6001) [backported] > 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b (CVE-2017-7308) > bcc5364bdcfe131e6379363f089e7b4108d35b70 (CVE-2017-7308) > > I've attached patches for those that needed work to backport. > > CVE-2017-7308 isn't yet fixed in 4.9 or 4.10, but David Miller has the > patches queued up. > > I should be able to provide you with a (much longer) list for 3.18 > later. Very nice, thank you so much for this! I'll queue them up for the next 4.4 release after this one gets released in a few days. How did you happen to find these? Where am I not looking that I should have seen these? For 4.4, I hope I'm paying attention :) thanks, greg k-h