Brian May <b...@debian.org> writes:
>> Wonder how many of the CVEs the Ubuntu version fixes.
>
> Will have a look at this now.
Comparing the changelog with our security tracker (by hand; not sure if
anybody has written a tool to automate this, if not might be a good
idea):
Not fixed in backported Ubuntu precise version 4.1.6.1-0ubuntu0.12.04.10:
- CVE-2014-5146 (marked No DSA)
- CVE-2014-5149 (marked No DSA)
- CVE-2014-8104 (marked vulnerable; description says "Linux kernel
through 4.2.6" not sure if this means it is fixed or broken by 4.2.6)
- CVE-2014-8341 (marked No DSA)
Fixed in backported Ubuntu precise version 4.1.6.1-0ubuntu0.12.04.10:
- CVE-2015-2152 / XSA-119
- CVE-2015-2752 / XSA-125
- CVE-2015-2756 / XSA-126
- CVE-2015-3259 / XSA-137
- CVE-2015-5165 / XSA-140
- CVE-2015-5307 / XSA-156
- CVE-2015-7504 / XSA-162 (not in Debian security tracker)
- CVE-2015-7969 / XSA-149
- CVE-2015-7970 / XSA-150
- CVE-2015-7971 / XSA-152
- CVE-2015-7972 / XSA-153
- CVE-2015-8339, CVE-2015-8340 / XSA-159
- CVE-2015-8550 / XSA-155
- CVE-2015-8554 / XSA-164
- CVE-2015-8555 / XSA-165
- TEMP-0000000-CE3B44 / XSA-166
- CVE-2016-1570 / XSA-167
- CVE-2016-1571 / XSA-168
- CVE-2016-2270 / XSA-154
- CVE-2016-2271 / XSA-170
--
Brian May <b...@debian.org>
