Hi Jan, On Wed, Oct 05, 2016 at 09:49:28AM +0200, Jan Lühr wrote: > Hello, > > > Am 10/05/2016 um 06:52 AM schrieb Salvatore Bonaccorso: > > On Tue, Oct 04, 2016 at 11:54:12PM +0200, Jan Lühr wrote: > >> Hello, > >> Am 10/04/2016 um 07:57 PM schrieb Nicholas Luedtke: > >>> On 10/04/2016 11:40 AM, Felix Knecht wrote: > >>> > >>>> On 10/04/2016 06:38 PM, Jan Lühr wrote: > >>>>> CVE-2016-7117 was patched in Android today.I don't see much information > >>>>> right now. The title is rather frightening - the issue appears to be > >>>>> urgent. > >>>> The following upstream kernel commit is referenced in the security > >>>> bulletin: > >>>> > >>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d > >>>> > >>>> No idea if this is fixed in Debian though. > >>>> > >>>> Felix > >>>> > >>> Looks like it was picked up when Debian rolled to 3.16.36-1. > > I updated the security-tracker information for CVE-2016-7117: > > > > https://security-tracker.debian.org/tracker/CVE-2016-7117 . The fix is > > as well included in 3.16.36-1. > > Thanks for the info! > Updating dsa-3659 may help confused people like me ;-).
I'm a bit against it doing any further change to the text for DSA-3659. The DSA was for the CVEs included in the 3.16.36-1+deb8u1, 3.16.36-1 was back then already accepted for the next point release and the fix is in the 3.16.36-1 part of the upload, not in the 3.16.36-1+deb8u1 upload for DSA-3659. I hope though the direct link to the CVE, as https://security-tracker.debian.org/tracker/CVE-2016-7117 is helpfull enough. Thanks though for the comment! Regards, Salvatore
