On Tue, Apr 25, 2017 at 06:07:38PM +0100, Ben Hutchings wrote: > Greg, > > I've found a number of CVEs fixed in upstream a while ago but still > affecting stable branches. The following commits should fix most of > those for 4.4: > > d29216842a85c7970c536108e093963f02714498 (CVE-2016-6213) [backported] > 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (CVE-2016-7913) > c58d6c93680f28ac58984af61d0a7ebf4319c241 (CVE-2016-7917) > 3de81b758853f0b29c61e246679d20b513c4cfec (CVE-2016-8632) [backported] > 05692d7005a364add85c6e25a6c4447ce08f913a (CVE-2016-9083, CVE-2016-9084) > 9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (CVE-2016-9120) > 43a6684519ab0a6c52024b5e25322476cabad893 (CVE-2017-2671) > 321027c1fe77f892f4ea07846aeae08cefbbb290 (CVE-2017-6001) [backported] > 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b (CVE-2017-7308) > bcc5364bdcfe131e6379363f089e7b4108d35b70 (CVE-2017-7308) > > I've attached patches for those that needed work to backport. Many thanks for these, all now queued up. > CVE-2017-7308 isn't yet fixed in 4.9 or 4.10, but David Miller has the > patches queued up. Ok, I'll hold off on those for now. > I should be able to provide you with a (much longer) list for 3.18 > later. I think a few of these worked for 3.18, so I have applied them. But if you have a better list, I'd appreciate it, but don't feel like you have to spend a lot of time on it. thanks, greg k-h