This is the most recent e-mail. (Still no update in sight.) Thank you, Christian
---------- Forwarded message ---------- From: <[email protected]> Date: 2016-05-09 2:00 GMT+02:00 Subject: Debian security status of crabtree To: [email protected] Security report based on the jessie release *** Available security updates CVE-2013-4312 The Linux kernel before 4.4.1 allows local users to... <http://security-tracker.debian.org/tracker/CVE-2013-4312> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2013-7446 Use-after-free vulnerability in net/unix/af_unix.c in... <http://security-tracker.debian.org/tracker/CVE-2013-7446> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-1333 Memory leak in the __key_link_end function in... <http://security-tracker.debian.org/tracker/CVE-2015-1333> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-1339 Memory leak in the cuse_channel_release function in... <http://security-tracker.debian.org/tracker/CVE-2015-1339> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-2925 The prepend_path function in fs/dcache.c in the Linux... <http://security-tracker.debian.org/tracker/CVE-2015-2925> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-3212 Race condition in net/sctp/socket.c in the Linux... <http://security-tracker.debian.org/tracker/CVE-2015-3212> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-3288 zero page memory arbitrary modification <http://security-tracker.debian.org/tracker/CVE-2015-3288> - linux-image-3.16.0-4-amd64 CVE-2015-3290 arch/x86/entry/entry_64.S in the Linux kernel before... <http://security-tracker.debian.org/tracker/CVE-2015-3290> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2015-3291 arch/x86/entry/entry_64.S in the Linux kernel before... <http://security-tracker.debian.org/tracker/CVE-2015-3291> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-3636 The ping_unhash function in net/ipv4/ping.c in the... <http://security-tracker.debian.org/tracker/CVE-2015-3636> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-4167 The udf_read_inode function in fs/udf/inode.c in the... <http://security-tracker.debian.org/tracker/CVE-2015-4167> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-4692 The kvm_apic_has_events function in... <http://security-tracker.debian.org/tracker/CVE-2015-4692> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-4700 The bpf_int_jit_compile function in... <http://security-tracker.debian.org/tracker/CVE-2015-4700> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-5156 The virtnet_probe function in... <http://security-tracker.debian.org/tracker/CVE-2015-5156> - linux-image-3.16.0-4-amd64 (remotely exploitable, medium urgency) CVE-2015-5157 arch/x86/entry/entry_64.S in the Linux kernel before... <http://security-tracker.debian.org/tracker/CVE-2015-5157> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2015-5257 drivers/usb/serial/whiteheat.c in the Linux kernel... <http://security-tracker.debian.org/tracker/CVE-2015-5257> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-5283 The sctp_init function in net/sctp/protocol.c in the... <http://security-tracker.debian.org/tracker/CVE-2015-5283> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-5307 The KVM subsystem in the Linux kernel through 4.2.6,... <http://security-tracker.debian.org/tracker/CVE-2015-5307> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-5364 The (1) udp_recvmsg and (2) udpv6_recvmsg functions... <http://security-tracker.debian.org/tracker/CVE-2015-5364> - linux-image-3.16.0-4-amd64 (remotely exploitable, high urgency) CVE-2015-5366 The (1) udp_recvmsg and (2) udpv6_recvmsg functions... <http://security-tracker.debian.org/tracker/CVE-2015-5366> - linux-image-3.16.0-4-amd64 (remotely exploitable, medium urgency) CVE-2015-5697 The get_bitmap_file function in drivers/md/md.c in... <http://security-tracker.debian.org/tracker/CVE-2015-5697> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-5706 Use-after-free vulnerability in the path_openat... <http://security-tracker.debian.org/tracker/CVE-2015-5706> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-5707 Integer overflow in the sg_start_req function in... <http://security-tracker.debian.org/tracker/CVE-2015-5707> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-6252 The vhost_dev_ioctl function in drivers/vhost/vhost.c... <http://security-tracker.debian.org/tracker/CVE-2015-6252> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-6526 The perf_callchain_user_64 function in... <http://security-tracker.debian.org/tracker/CVE-2015-6526> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-6937 The __rds_conn_create function in... <http://security-tracker.debian.org/tracker/CVE-2015-6937> - linux-image-3.16.0-4-amd64 (remotely exploitable, high urgency) CVE-2015-7312 Multiple race conditions in the Advanced Union... <http://security-tracker.debian.org/tracker/CVE-2015-7312> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7513 arch/x86/kvm/x86.c in the Linux kernel before 4.4... <http://security-tracker.debian.org/tracker/CVE-2015-7513> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7550 The keyctl_read_key function in... <http://security-tracker.debian.org/tracker/CVE-2015-7550> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7566 The clie_5_attach function in... <http://security-tracker.debian.org/tracker/CVE-2015-7566> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7613 Race condition in the IPC object implementation in... <http://security-tracker.debian.org/tracker/CVE-2015-7613> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7799 The slhc_init function in drivers/net/slip/slhc.c in... <http://security-tracker.debian.org/tracker/CVE-2015-7799> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7833 The usbvision driver in the Linux kernel package... <http://security-tracker.debian.org/tracker/CVE-2015-7833> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-7872 The key_gc_unused_keys function in security/keys/gc.c... <http://security-tracker.debian.org/tracker/CVE-2015-7872> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-7884 The vivid_fb_ioctl function in ... <http://security-tracker.debian.org/tracker/CVE-2015-7884> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-7990 Race condition in the rds_sendmsg function in... <http://security-tracker.debian.org/tracker/CVE-2015-7990> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8104 The KVM subsystem in the Linux kernel through 4.2.6,... <http://security-tracker.debian.org/tracker/CVE-2015-8104> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8215 net/ipv6/addrconf.c in the IPv6 stack in the Linux... <http://security-tracker.debian.org/tracker/CVE-2015-8215> - linux-image-3.16.0-4-amd64 (remotely exploitable, medium urgency) CVE-2015-8374 fs/btrfs/inode.c in the Linux kernel before 4.3.3... <http://security-tracker.debian.org/tracker/CVE-2015-8374> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-8543 The networking implementation in the Linux kernel... <http://security-tracker.debian.org/tracker/CVE-2015-8543> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8550 Xen, when used on a system providing PV backends,... <http://security-tracker.debian.org/tracker/CVE-2015-8550> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8551 The PCI backend driver in Xen, when running on an x86... <http://security-tracker.debian.org/tracker/CVE-2015-8551> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8552 The PCI backend driver in Xen, when running on an x86... <http://security-tracker.debian.org/tracker/CVE-2015-8552> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-8569 The (1) pptp_bind and (2) pptp_connect functions in ... <http://security-tracker.debian.org/tracker/CVE-2015-8569> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-8575 The sco_sock_bind function in net/bluetooth/sco.c in... <http://security-tracker.debian.org/tracker/CVE-2015-8575> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2015-8660 The ovl_setattr function in fs/overlayfs/inode.c in... <http://security-tracker.debian.org/tracker/CVE-2015-8660> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2015-8709 ** DISPUTED ** kernel/ptrace.c in the Linux kernel... <http://security-tracker.debian.org/tracker/CVE-2015-8709> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8746 fs/nfs/nfs4proc.c in the NFS client in the Linux... <http://security-tracker.debian.org/tracker/CVE-2015-8746> - linux-image-3.16.0-4-amd64 (remotely exploitable, medium urgency) CVE-2015-8767 net/sctp/sm_sideeffect.c in the Linux kernel before... <http://security-tracker.debian.org/tracker/CVE-2015-8767> - linux-image-3.16.0-4-amd64 (remotely exploitable, medium urgency) CVE-2015-8785 The fuse_fill_write_pages function in fs/fuse/file.c... <http://security-tracker.debian.org/tracker/CVE-2015-8785> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2015-8787 The nf_nat_redirect_ipv4 function in... <http://security-tracker.debian.org/tracker/CVE-2015-8787> - linux-image-3.16.0-4-amd64 (remotely exploitable, high urgency) CVE-2015-8812 drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux... <http://security-tracker.debian.org/tracker/CVE-2015-8812> - linux-image-3.16.0-4-amd64 (remotely exploitable, high urgency) CVE-2015-8816 The hub_activate function in drivers/usb/core/hub.c... <http://security-tracker.debian.org/tracker/CVE-2015-8816> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2015-8830 Integer overflow in the aio_setup_single_vector... <http://security-tracker.debian.org/tracker/CVE-2015-8830> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2016-0723 Race condition in the tty_ioctl function in... <http://security-tracker.debian.org/tracker/CVE-2016-0723> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-0728 The join_session_keyring function in... <http://security-tracker.debian.org/tracker/CVE-2016-0728> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2016-0823 The pagemap_open function in fs/proc/task_mmu.c in... <http://security-tracker.debian.org/tracker/CVE-2016-0823> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2016-1575 The overlayfs implementation in the Linux kernel... <http://security-tracker.debian.org/tracker/CVE-2016-1575> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2016-1576 The overlayfs implementation in the Linux kernel... <http://security-tracker.debian.org/tracker/CVE-2016-1576> - linux-image-3.16.0-4-amd64 (high urgency) CVE-2016-2069 Race condition in arch/x86/mm/tlb.c in the Linux... <http://security-tracker.debian.org/tracker/CVE-2016-2069> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2070 The tcp_cwnd_reduction function in... <http://security-tracker.debian.org/tracker/CVE-2016-2070> - linux-image-3.16.0-4-amd64 (remotely exploitable, high urgency) CVE-2016-2085 The evm_verify_hmac function in... <http://security-tracker.debian.org/tracker/CVE-2016-2085> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2016-2383 The adjust_branches function in kernel/bpf/verifier.c... <http://security-tracker.debian.org/tracker/CVE-2016-2383> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2016-2384 Double free vulnerability in the snd_usbmidi_create... <http://security-tracker.debian.org/tracker/CVE-2016-2384> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2543 The snd_seq_ioctl_remove_events function in ... <http://security-tracker.debian.org/tracker/CVE-2016-2543> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2544 Race condition in the queue_delete function in ... <http://security-tracker.debian.org/tracker/CVE-2016-2544> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2545 The snd_timer_interrupt function in... <http://security-tracker.debian.org/tracker/CVE-2016-2545> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2546 sound/core/timer.c in the Linux kernel before 4.4.1... <http://security-tracker.debian.org/tracker/CVE-2016-2546> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2547 sound/core/timer.c in the Linux kernel before 4.4.1... <http://security-tracker.debian.org/tracker/CVE-2016-2547> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2548 sound/core/timer.c in the Linux kernel before 4.4.1... <http://security-tracker.debian.org/tracker/CVE-2016-2548> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2549 sound/core/hrtimer.c in the Linux kernel before 4.4.1... <http://security-tracker.debian.org/tracker/CVE-2016-2549> - linux-image-3.16.0-4-amd64 (low urgency) CVE-2016-2550 The Linux kernel before 4.5 allows local users to... <http://security-tracker.debian.org/tracker/CVE-2016-2550> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2782 The treo_attach function in... <http://security-tracker.debian.org/tracker/CVE-2016-2782> - linux-image-3.16.0-4-amd64 (medium urgency) CVE-2016-2847 fs/pipe.c in the Linux kernel before 4.5 does not... <http://security-tracker.debian.org/tracker/CVE-2016-2847> - linux-image-3.16.0-4-amd64 (medium urgency) *** New vulnerabilities CVE-2015-8842 tmpfiles.d/systemd.conf in systemd before 229 uses... <http://security-tracker.debian.org/tracker/CVE-2015-8842> - libudev1, libpam-systemd, systemd-sysv, libsystemd0, udev, systemd (low urgency) CVE-2016-2053 The asn1_ber_decoder function in lib/asn1_decoder.c... <http://security-tracker.debian.org/tracker/CVE-2016-2053> - linux-image-3.16.0-4-amd64 (remotely exploitable, high urgency) *** Vulnerabilities without updates [...]

