• linux-signed-amd64_5.10.46+5_source.changes ACCEPTED into proposed-upda

    From Debian FTP Masters@21:1/5 to All on Sat Sep 25 11:40:02 2021
    Mapping stable-security to proposed-updates.

    Accepted:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 23 Sep 2021 22:35:21 +0200
    Source: linux-signed-amd64
    Architecture: source
    Version: 5.10.46+5
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
    Changed-By: Salvatore Bonaccorso <carnil@debian.org>
    Changes:
    linux-signed-amd64 (5.10.46+5) bullseye-security; urgency=high
    .
    * Sign kernel from linux 5.10.46-5
    .
    * virtio_console: Assure used length from device is limited (CVE-2021-38160)
    * NFSv4: Initialise connection to the server in nfs4_alloc_client()
    (CVE-2021-38199)
    * tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
    (CVE-2021-3679)
    * [poewrpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
    (CVE-2021-37576)
    * ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)
    * [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
    (CVE-2021-3653)
    * [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
    * bpf: Fix integer overflow involving bucket_size (CVE-2021-38166)
    * ath: Use safer key clearing with key cache entries (CVE-2020-3702)
    * ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702)
    * ath: Export ath_hw_keysetmac() (CVE-2020-3702)
    * ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702)
    * ath9k: Postpone key cache entry deletion for TXQ frames reference it
    (CVE-2020-3702)
    * btrfs: fix NULL pointer dereference when deleting device by invalid id
    (CVE-2021-3739)
    * net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743)
    * vt_kdsetmode: extend console locking (CVE-2021-3753)
    * ext4: fix race writing to an inline_data file while its xattrs are changing
    (CVE-2021-40490)
    * dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119)
    * io_uring: ensure symmetry in handling iter types in loop_rw_iter()
    (CVE-2021-41073)
    * netfilter: nftables: avoid potential overflows on 32bit arches
    * netfilter: nf_tables: initialize set before expression setup
    (Closes: #993978)
    * netfilter: nftables: clone set element expression template
    * bnx2x: Fix enabling network interfaces without VFs (Closes: #993948) Checksums-Sha1:
    0eb9229fa7a5960e919a3ea30310d687a4529883 8487 linux-signed-amd64_5.10.46+5.dsc
    f04c2cc8c438f5c98aec08ff7828ebd81409b4ec 2669588 linux-signed-amd64_5.10.46+5.tar.xz
    Checksums-Sha256:
    afd6d13a81f77cbebd06950da2681691b2448c6c786bf62dcbc873be1e17cd15 8487 linux-signed-amd64_5.10.46+5.dsc
    aaae7da86340328c26f91e2d8bf666482c0f849377018de626270a6b8a3e884c 2669588 linux-signed-amd64_5.10.46+5.tar.xz
    Files:
    cb82678b96fe8d437ee2a3000ddb0a69 8487 kernel optional linux-signed-amd64_5.10.46+5.dsc
    9e90d336c87477ea55b21c1ce225dd48 2669588 kernel optional linux-signed-amd64_5.10.46+5.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFNl9MACgkQi0FRiLdO NzZ6PQ//VGWa3t0tB6AanoiOaNtYchz8cy7ydeATBIyk/OfuiQN7RCr31Q3J6o9M ykV4znxgtal1pCEo1mZUZYdNqpDNI/23MUhENL2kAphwQV2c+yRX4sI6Y7TZVuQR WpNU+v3JVwaZXSySIPdfKPxjgJrizL6cmJQHpLJIYLUX6Tp/T+5wSQp9PgWlcO/y OXGbjD9+T2Pu1K5O+1lY2Wduvgu/1p9CoGKvVX5Yv0qVKJiXHGig4znROAxoIsuP q47yCU/B00FGcN7SSd+7AXh2Vil6FXxeWxjnwPjWTSNQsYqTSmd9KplGAbn/iE4m MLb9+gsWe5aIb4zSCtdpXTq89MOkCbvSPqtx9cYP5lfLX7Qg0GZ3WCy8RaFvG+eR TKISGYqvBMeGi1mOrw3qgoOOCfXVpq5GWWz9SDyYBSG7+F2b6d9q29ToPc/6WdmR 9y/je7QNSawaJ/VO1UhIgl70GVNid8VbQTW8sWiSUWLNs8WZYhhdvkCfhPXjUH+n 0yegzrdsKl/I92CDxSdjZovrUc/VcULGzzeM8s7+qauStCnahvLkkHpFGo4/rakj UZfOodOI8xmPg/O+orMkVGPx+0Pe45fTlkNtpIjvur7Vjx/ZNzlR3YyBdTrI4L3R kdYU8ysuPf0pmFa62fip5Vf+JwPT9J3/fLDdVROuVJJASo0soRE=
    =d015
    -----END PGP SIGNATURE-----


    Thank you for your contribution to Debian.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian FTP Masters@21:1/5 to All on Sun Sep 26 13:40:02 2021
    Accepted:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 23 Sep 2021 22:35:21 +0200
    Source: linux-signed-amd64
    Architecture: source
    Version: 5.10.46+5
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
    Changed-By: Salvatore Bonaccorso <carnil@debian.org>
    Changes:
    linux-signed-amd64 (5.10.46+5) bullseye-security; urgency=high
    .
    * Sign kernel from linux 5.10.46-5
    .
    * virtio_console: Assure used length from device is limited (CVE-2021-38160)
    * NFSv4: Initialise connection to the server in nfs4_alloc_client()
    (CVE-2021-38199)
    * tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
    (CVE-2021-3679)
    * [poewrpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
    (CVE-2021-37576)
    * ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)
    * [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
    (CVE-2021-3653)
    * [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
    * bpf: Fix integer overflow involving bucket_size (CVE-2021-38166)
    * ath: Use safer key clearing with key cache entries (CVE-2020-3702)
    * ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702)
    * ath: Export ath_hw_keysetmac() (CVE-2020-3702)
    * ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702)
    * ath9k: Postpone key cache entry deletion for TXQ frames reference it
    (CVE-2020-3702)
    * btrfs: fix NULL pointer dereference when deleting device by invalid id
    (CVE-2021-3739)
    * net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743)
    * vt_kdsetmode: extend console locking (CVE-2021-3753)
    * ext4: fix race writing to an inline_data file while its xattrs are changing
    (CVE-2021-40490)
    * dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119)
    * io_uring: ensure symmetry in handling iter types in loop_rw_iter()
    (CVE-2021-41073)
    * netfilter: nftables: avoid potential overflows on 32bit arches
    * netfilter: nf_tables: initialize set before expression setup
    (Closes: #993978)
    * netfilter: nftables: clone set element expression template
    * bnx2x: Fix enabling network interfaces without VFs (Closes: #993948) Checksums-Sha1:
    0eb9229fa7a5960e919a3ea30310d687a4529883 8487 linux-signed-amd64_5.10.46+5.dsc
    f04c2cc8c438f5c98aec08ff7828ebd81409b4ec 2669588 linux-signed-amd64_5.10.46+5.tar.xz
    Checksums-Sha256:
    afd6d13a81f77cbebd06950da2681691b2448c6c786bf62dcbc873be1e17cd15 8487 linux-signed-amd64_5.10.46+5.dsc
    aaae7da86340328c26f91e2d8bf666482c0f849377018de626270a6b8a3e884c 2669588 linux-signed-amd64_5.10.46+5.tar.xz
    Files:
    cb82678b96fe8d437ee2a3000ddb0a69 8487 kernel optional linux-signed-amd64_5.10.46+5.dsc
    9e90d336c87477ea55b21c1ce225dd48 2669588 kernel optional linux-signed-amd64_5.10.46+5.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFNl9MACgkQi0FRiLdO NzZ6PQ//VGWa3t0tB6AanoiOaNtYchz8cy7ydeATBIyk/OfuiQN7RCr31Q3J6o9M ykV4znxgtal1pCEo1mZUZYdNqpDNI/23MUhENL2kAphwQV2c+yRX4sI6Y7TZVuQR WpNU+v3JVwaZXSySIPdfKPxjgJrizL6cmJQHpLJIYLUX6Tp/T+5wSQp9PgWlcO/y OXGbjD9+T2Pu1K5O+1lY2Wduvgu/1p9CoGKvVX5Yv0qVKJiXHGig4znROAxoIsuP q47yCU/B00FGcN7SSd+7AXh2Vil6FXxeWxjnwPjWTSNQsYqTSmd9KplGAbn/iE4m MLb9+gsWe5aIb4zSCtdpXTq89MOkCbvSPqtx9cYP5lfLX7Qg0GZ3WCy8RaFvG+eR TKISGYqvBMeGi1mOrw3qgoOOCfXVpq5GWWz9SDyYBSG7+F2b6d9q29ToPc/6WdmR 9y/je7QNSawaJ/VO1UhIgl70GVNid8VbQTW8sWiSUWLNs8WZYhhdvkCfhPXjUH+n 0yegzrdsKl/I92CDxSdjZovrUc/VcULGzzeM8s7+qauStCnahvLkkHpFGo4/rakj UZfOodOI8xmPg/O+orMkVGPx+0Pe45fTlkNtpIjvur7Vjx/ZNzlR3YyBdTrI4L3R kdYU8ysuPf0pmFa62fip5Vf+JwPT9J3/fLDdVROuVJJASo0soRE=
    =d015
    -----END PGP SIGNATURE-----


    Thank you for your contribution to Debian.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)