CVE fixes in kernel-3.16.7-200.fc20
Reindl Harald
h.reindl at thelounge.net
Fri Oct 31 11:36:41 UTC 2014
Am 31.10.2014 um 12:33 schrieb Josh Boyer:
> On Fri, Oct 31, 2014 at 06:09:13AM +0100, Reindl Harald wrote:
>> i wonder if 3.16.7 contains all the 3.16.3 CVE-fixes from
>> https://koji.fedoraproject.org/koji/buildinfo?buildID=587751 and the
>> previous 3.16.6 ones from Fedora because
>> https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.7 dont
>> mention them?
>
> They weren't added upstream, which is why the upstream ChangeLog doesn't
> list them. Sometimes the CVE information for a patch isn't listed there
> anyway. They're still in the Fedora kernel build of the same as
> add-on patches. This happens quite frequently
thanks for feedback
good to know - sadly that the upstream changelog don't start with a
seperate paragraph listing fixed CVE's independent of the commit-log
More information about the kernel
mailing list