Accepted linux-signed-i386 4.19.118+2+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 Jun 2020 17:42:22 +0200
Source: linux-signed-i386
Architecture: source
Version: 4.19.118+2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-i386 (4.19.118+2+deb10u1) buster-security; urgency=high
.
* Sign kernel from linux 4.19.118-2+deb10u1
.
[ Salvatore Bonaccorso ]
* selinux: properly handle multiple messages in selinux_netlink_send()
(CVE-2020-10751)
* fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
* USB: core: Fix free-while-in-use bug in the USB S-Glibrary
(CVE-2020-12464)
* [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init()
(CVE-2020-12768)
* scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
* USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
* netlabel: cope with NULL catmap (CVE-2020-10711)
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
(CVE-2020-10732)
* kernel/relay.c: handle alloc_percpu returning NULL in relay_open
(CVE-2019-19462)
* mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
* [x86] KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
* KVM: Introduce a new guest mapping API
* [arm64] kvm: fix compilation on aarch64
* [s390x] kvm: fix compilation on s390
* [s390x] kvm: fix compile on s390 part 2
* KVM: Properly check if "page" is valid in kvm_vcpu_unmap
* [x86] kvm: Introduce kvm_(un)map_gfn() (CVE-2019-3016)
* [x86] kvm: Cache gfn to pfn translation (CVE-2019-3016)
* [x86] KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (CVE-2019-3016)
* [x86] KVM: Clean up host's steal time structure (CVE-2019-3016)
* include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
swap (Closes: #960271)
.
[ Ben Hutchings ]
* propagate_one(): mnt_set_mountpoint() needs mount_lock
* [x86] Add support for mitigation of Special Register Buffer Data Sampling
(SRBDS) (CVE-2020-0543):
- x86/cpu: Add 'table' argument to cpu_matches()
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- x86/speculation: Add SRBDS vulnerability and mitigation documentation
- x86/speculation: Add Ivy Bridge to affected list
* [x86] speculation: Do not match steppings, to avoid an ABI change
Checksums-Sha1:
be3d67060dd141dcedbede59c09d7602d9da8b85 13356 linux-signed-i386_4.19.118+2+deb10u1.dsc
6977986d969d6ef8a66c5c667792fe18b8feb0f1 3406472 linux-signed-i386_4.19.118+2+deb10u1.tar.xz
Checksums-Sha256:
e897a3c6d46f7541d596731a828276bf13e1a5f6ead711fa6af73c6f8b6d6949 13356 linux-signed-i386_4.19.118+2+deb10u1.dsc
ae10f5dc4b6a9a2e7d1c91875813beebf858e0abf366be9db7f3fdd55c3b7448 3406472 linux-signed-i386_4.19.118+2+deb10u1.tar.xz
Files:
8289f89ef70c5dfe613d403c9bf3139b 13356 kernel optional linux-signed-i386_4.19.118+2+deb10u1.dsc
b180e273230ad0c17debdbb5f03728bd 3406472 kernel optional linux-signed-i386_4.19.118+2+deb10u1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE8nXL3e4u3Tgu6Vp6qgZoiu+K+NUFAl7eajAACgkQqgZoiu+K
+NV2bA//QHflW3a9ideYAMBJU3Sb0XKL2VbQopxQxJCyzQ4iB9iRzZHwKgQoaV71
BcGJJvtandTdWJ9UQBtGJ5FEmAK/qAxmoMXR7Sb+009OCMulQYjSD/SKsMYCwEN+
Vx7o0GxAArv2wF1xruww1M4FGTtImOmPAsVto/iT9XOrRu23N1p2KNli+dbY02Mg
e9B3ZFELjrXEzfm7ZgY/BCkR66uF4d49P5pbOzbvWXEo19pH3ZY3F+I6nOQVQiEX
m3PE/Bc+HJjROwQ+eiwTBq9ibhu4iG27LNoZuGck6h9dHupLvlREP6Db+nS3PrV7
ctzuSYao4QWJRoL5GmC/ert0yzRD42fUjaFX8D48gII8brgq6P38CPPqAAYV5qob
ccm+myLeQd44b8PBfwqW04/JsqZP6wF6C7mX/et+O/luvXjfXBtYA24/RvnJeeZK
wqzh8LXIqiYto3nXT1axmGW/E31fbjMUZsiMurIkkTOxILifz1/Jft368miRPsXq
ZnvJB3F9fFTxlnjBcOPQ+8JoP9Pna+60bsQm5lHm/iUpHy/H9Rw9ZBVDDAQgl39p
pHL3chK7Qp6lo3AciDaFfMHLzWlxDyOlsh7oePLzgQsqVwfLeCOSdLbGVaOxdhm0
b15ZKcTHlKrHn0a87ixlENr6Uw0eBypVWjZI7OBQs0PveGhCP1s=
=WnUJ
-----END PGP SIGNATURE-----