Activity log for bug #1648662

Date Who What changed Old value New value Message
2016-12-09 00:45:21 Steve Beattie bug added bug
2016-12-09 00:45:56 Steve Beattie nominated for series Ubuntu Yakkety
2016-12-09 00:45:56 Steve Beattie bug task added linux (Ubuntu Yakkety)
2016-12-09 02:36:17 Steve Beattie description The yakkety master-next tree tagged Ubuntu-4.8.0-31.33 contains git commit 13119e8d911cd268a57012717874f8ab0f42c252 (upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d41ce29e3b91ef305f88d23f72b3359de329cec ). This is considered to have introduced CVE-2016-9919 (see http://www.openwall.com/lists/oss-security/2016/12/08/16 ), a remote denial of service for hosts that use ipv6. Upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 addresses the issue. Since the issue only affects the yakkety-proposed kernel, we should not release this kernel with this vulnerability intact. The yakkety master-next tree tagged Ubuntu-4.8.0-31.33 contains git commit 13119e8d911cd268a57012717874f8ab0f42c252 (upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d41ce29e3b91ef305f88d23f72b3359de329cec, linux-stable commit http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.8.y&id=92fd1c1f2fd27a352b91ad1f874775618aa1865a ). This is considered to have introduced CVE-2016-9919 (see http://www.openwall.com/lists/oss-security/2016/12/08/16 ), a remote denial of service for hosts that use ipv6. Upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 addresses the issue. Since the issue only affects the yakkety-proposed kernel, we should not release this kernel with this vulnerability intact.
2016-12-09 02:36:24 Steve Beattie summary Vulnerability picked up from 4.8.11 stable kernel Vulnerability picked up from 4.8.10 stable kernel
2016-12-09 02:41:46 Steve Beattie information type Private Security Public Security
2016-12-09 02:41:51 Steve Beattie linux (Ubuntu Yakkety): status New Confirmed
2016-12-09 03:00:15 Brad Figg linux (Ubuntu): status New Incomplete
2016-12-09 03:06:37 Seth Arnold linux (Ubuntu): status Incomplete Confirmed
2016-12-12 14:51:10 Luis Henriques linux (Ubuntu Yakkety): assignee Luis Henriques (henrix)
2016-12-12 14:51:20 Luis Henriques linux (Ubuntu Yakkety): assignee Luis Henriques (henrix) Thadeu Lima de Souza Cascardo (cascardo)
2016-12-12 14:55:26 Luis Henriques bug added subscriber Luis Henriques
2016-12-13 11:50:34 Luis Henriques linux (Ubuntu Yakkety): status Confirmed Fix Committed
2016-12-20 18:54:31 Launchpad Janitor linux (Ubuntu Yakkety): status Fix Committed Fix Released
2016-12-20 18:54:31 Launchpad Janitor cve linked 2016-6213
2016-12-20 18:54:31 Launchpad Janitor cve linked 2016-7039
2016-12-20 18:54:31 Launchpad Janitor cve linked 2016-8630
2016-12-20 18:54:31 Launchpad Janitor cve linked 2016-8666
2019-10-03 08:35:49 Po-Hsu Lin linux (Ubuntu): status Confirmed Invalid