Deliberately skipping "Revert "module: Add retpoline tag to VERMAGIC"" because we decided we actually are fine with flagging things that way.
Skipping because already applied:
* Slow system response time due to a monitor bug (bug 1606147)
- x86/cpu/intel: Introduce macros for Intel family numbers
* CVE-2017-1000364
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
* CVE-2017-17448
- netfilter: nfnetlink_cthelper: Add missing permission checks
* CVE-2017-17450
- netfilter: xt_osf: Add missing permission checks
We backported the following set for (bug 16407868):
* netfilter: x_tables: pass xt_counters struct instead of packet counter
* netfilter: x_tables: pass xt_counters struct to counter allocator
* netfilter: x_tables: pack percpu counter allocations
This caused the following stable patch to not be needed in Xenial:
* netfilter: fix IS_ERR_VALUE usage
Skipped until later decision (Spectre v2 upstream):
* x86/retpoline: Fill RSB on context switch for affected CPUs
  -> re-defines the SPEC_CTRL bit with a different name and does some STUFF_RSB related things