Only list CVEs fixed by 4.12.4-4.12.6

As this will already be a major version update for unstable there's little
point in listing the additional changes in stable updates.

1 files changed, 0 insertions, 349 deletions

diff --git a/debian/changelog b/debian/changelog
index 80f4e926badb..af2fa549a4e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,361 +8,12 @@ linux (4.12.6-1) UNRELEASED; urgency=medium
     - [sparc64] sed regex in Makefile.build requires line break between
       exported symbols
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
-    - disable new gcc-7.1.1 warnings for now
-    - ir-core: fix gcc-7 warning on bool arithmetic
-    - s5p-jpeg: don't return a random width/height
-    - thermal: max77620: fix device-node reference imbalance
-    - thermal: cpu_cooling: Avoid accessing potentially freed structures
-    - ath9k: fix tx99 use after free
-    - ath9k: fix tx99 bus error
-    - ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
-    - iwlwifi: mvm: fix the recovery flow while connecting
-    - NFC: fix broken device allocation
-    - NFC: nfcmrvl_uart: add missing tty-device sanity check
-    - NFC: nfcmrvl: do not use device-managed resources
-    - NFC: nfcmrvl: use nfc-device for firmware download
-    - NFC: nfcmrvl: fix firmware-management initialisation
-    - nfc: Ensure presence of required attributes in the activate_target
-      handler
-    - nfc: Fix the sockaddr length sanitization in llcp_sock_connect
-    - NFC: Add sockaddr length checks before accessing sa_family in bind
-      handlers
-    - perf intel-pt: Move decoder error setting into one condition
-    - perf intel-pt: Improve sample timestamp
-    - perf intel-pt: Fix missing stack clear
-    - perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
-    - perf intel-pt: Fix last_ip usage
-    - perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero
-    - perf intel-pt: Use FUP always when scanning for an IP
-    - perf intel-pt: Clear FUP flag on error
-    - Bluetooth: use constant time memory comparison for secret values
-    - wlcore: fix 64K page support
-    - pstore: Don't warn if data is uncompressed and type is not
-      PSTORE_TYPE_DMESG
-    - mwifiex: fixup error cases in mwifiex_add_virtual_intf()
-    - Btrfs: fix invalid extent maps due to hole punching
-    - btrfs: Don't clear SGID when inheriting ACLs
-    - Btrfs: incremental send, fix invalid memory access
-    - igb: Explicitly select page 0 at initialization
-    - spi: atmel: fix corrupted data issue on SAM9 family SoCs
-    - ASoC: zx-i2s: flip I2S master/slave mode
-    - ASoC: compress: Derive substream from stream based on direction
-    - ASoC: atmel: tse850: fix off-by-one in the "ANA" enumeration count
-    - PM / Domains: Fix unsafe iteration over modified list of device links
-    - PM / Domains: Fix unsafe iteration over modified list of domain
-      providers
-    - PM / Domains: Fix unsafe iteration over modified list of domains
-    - scsi: ses: do not add a device to an enclosure if enclosure_add_links()
-      fails.
-    - scsi: virtio_scsi: let host do exception handling
-    - scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX
-    - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
-    - scsi: Avoid that scsi_exit_rq() triggers a use-after-free
-    - iscsi-target: Add login_keys_workaround attribute for non RFC initiators
-    - xen/scsiback: Fix a TMR related use-after-free
-    - scsi: virtio_scsi: always read VPD pages for multiqueue too
-    - powerpc/mm/radix: Only add X for pages overlapping kernel text
-    - powerpc/pseries: Fix passing of pp0 in updatepp() and updateboltedpp()
-    - powerpc/mm/radix: Fix execute permissions for interrupt_vectors
-    - powerpc/64: Fix atomic64_inc_not_zero() to return an int
-    - powerpc: Fix emulation of mcrf in emulate_step()
-    - powerpc: Fix emulation of mfocrf in emulate_step()
-    - powerpc/asm: Mark cr0 as clobbered in mftb()
-    - powerpc/mm/radix: Properly clear process table entry
-    - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9
-    - xen/x86: fix cpu hotplug
-    - PCI: vmd: Move SRCU cleanup after bus, child device removal
-    - PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
-    - PCI: rockchip: Use normal register bank for config accessors
-    - PCI/PM: Restore the status of PCI devices across hibernation
-    - PCI/MSI: Ignore affinity if pre/post vector count is more than min_vecs
-    - usb: xhci: fix spinlock recursion for USB2 test mode
-    - xhci: fix memleak in xhci_run()
-    - xhci: fix 20000ms port resume timeout
-    - xhci: Fix NULL pointer dereference when cleaning up streams for removed
-      host
-    - xhci: Bad Ethernet performance plugged in ASM1042A host
-    - mxl111sf: Fix driver to use heap allocate buffers for USB messages
-    - usb: storage: return on error to avoid a null pointer dereference
-    - USB: cdc-acm: add device-id for quirky printer
-    - usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
-    - usb: renesas_usbhs: gadget: disable all eps when the driver stops
-    - HID: multitouch: do not blindly set EV_KEY or EV_ABS bits
-    - md: don't use flush_signals in userspace processes
-    - md: fix deadlock between mddev_suspend() and md_write_start()
-    - x86/xen: allow userspace access during hypercalls
-    - cx88: Fix regression in initial video standard setting
-    - rc-core: fix input repeat handling
-    - tools/testing/nvdimm: fix nfit_test buffer overflow
-    - libnvdimm, btt: fix btt_rw_page not returning errors
-    - libnvdimm: fix the clear-error check in nsio_rw_bytes
-    - libnvdimm: fix badblock range handling of ARS range
-    - ext2: Don't clear SGID when inheriting ACLs
-    - dm raid: stop using BUG() in __rdev_sectors()
-    - Raid5 should update rdev->sectors after reshape
-    - s390/syscalls: Fix out of bounds arguments access
-    - drm/amdgpu/gfx8: drop per-APU CU limits
-    - drm/amdgpu: fix vblank_time when displays are off
-    - drm/amdgpu/cgs: always set reference clock in mode_info
-    - drm/amd/amdgpu: Return error if initiating read out of range on vram
-    - drm/amdgpu: fix the memory corruption on S3
-    - drm/amdgpu: Don't call amd_powerplay_destroy() if we don't have
-      powerplay
-    - drm/radeon/ci: disable mclk switching for high refresh rates (v2)
-    - drm/radeon: Fix eDP for single-display iMac10,1 (v2)
-    - drm/ttm: Fix use-after-free in ttm_bo_clean_mm
-    - drm/etnaviv: Expose our reservation object when exporting a dmabuf.
-    - ipmi: use rcu lock around call to intf->handlers->sender()
-    - ipmi:ssif: Add missing unlock in error branch
-    - xfs: Don't clear SGID when inheriting ACLs
-    - CIFS: Reconnect expired SMB sessions
-    - f2fs: load inode's flag from disk
-    - f2fs: wake up all waiters in f2fs_submit_discard_endio
     - f2fs: sanity check checkpoint segno and blkoff (CVE-2017-10663)
-    - f2fs: try to freeze in gc and discard threads
-    - f2fs: Do not issue small discards in LFS mode
-    - f2fs: sanity check size of nat and sit cache
-    - f2fs: use spin_{,un}lock_irq{save,restore}
-    - f2fs: Don't clear SGID when inheriting ACLs
-    - serial: st-asc: Potential error pointer dereference
-    - serial: sh-sci: Uninitialized variables in sysfs files
-    - ovl: mark parent impure on ovl_link()
-    - ovl: fix random return value on mount
-    - drm/amd/powerplay: fix memory leak in cz_hwmgr backend
-    - drm/i915: Disable MSI for all pre-gen5
-    - vfio: Fix group release deadlock
-    - vfio: New external user group/file match
-    - vfio: Remove unnecessary uses of vfio_container.group_lock
-    - nvme-rdma: remove race conditions from IB signalling
-    - ftrace: Fix uninitialized variable in match_records()
-    - iommu/arm-smmu: Plumb in new ACPI identifiers
-    - drm/i915/gvt: Fix inconsistent locks holding sequence
-    - drm/atomic: Add missing drm_atomic_state_clear to atomic_remove_fb
-    - MIPS: Fix mips_atomic_set() retry condition
-    - MIPS: Fix mips_atomic_set() with EVA
-    - MIPS: Negate error syscall return in trace
-    - mtd: nand: tango: Fix incorrect use of SEQIN command
-    - ubifs: Correctly evict xattr inodes
-    - ubifs: Don't leak kernel memory to the MTD
-    - ubifs: Don't encrypt special files on creation
-    - ubifs: Set double hash cookie also for RENAME_EXCHANGE
-    - ACPI / EC: Drop EC noirq hooks to fix a regression
-    - Revert "ACPI / EC: Enable event freeze mode..." to fix a regression
-    - x86/acpi: Prevent out of bound access caused by broken ACPI tables
-    - x86/ioapic: Pass the correct data to unmask_ioapic_irq()
-    - MIPS: Fix MIPS I ISA /proc/cpuinfo reporting
-    - MIPS: Save static registers before sysmips
-    - MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
-    - MIPS: Fix unaligned PC interpretation in `compute_return_epc'
-    - MIPS: math-emu: Prevent wrong ISA mode instruction emulation
-    - MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
-    - MIPS: Rename `sigill_r6' to `sigill_r2r6' in
-      `__compute_return_epc_for_insn'
-    - MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn'
-    - MIPS: Send SIGILL for R6 branches in `__compute_return_epc_for_insn'
-    - MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
-    - Input: i8042 - fix crash at boot time
-    - IB/iser: Fix connection teardown race condition
-    - IB/core: Namespace is mandatory input for address resolution
-    - sunrpc: use constant time memory comparison for mac
-    - net/sunrpc/xprt_sock: fix regression in connection error reporting.
-    - NFS: Fix initialization of nfs_page_array->npages
-    - PNFS fix EACCESS on commit to DS handling
-    - NFS: only invalidate dentrys that are clearly invalid.
-    - udf: Fix races with i_size changes during readpage
-    - udf: Fix deadlock between writeback and udf_setsize()
-    - target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
-    - iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done
-    - perf annotate: Fix broken arrow at row 0 connecting jmp instruction to
-      its target
-    - perf/core: Fix scheduling regression of pinned groups
-    - Revert "perf/core: Drop kernel samples even though :u is specified"
-    - staging: rtl8188eu: add TL-WN722N v2 support
-    - staging: comedi: ni_mio_common: fix AO timer off-by-one regression
-    - staging: sm750fb: avoid conflicting vesafb
-    - staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
-    - ceph: fix race in concurrent readdir
-    - RDMA/uverbs: Fix the check for port number
-    - RDMA/core: Initialize port_num in qp_attr
-    - drm/mst: Fix error handling during MST sideband message reception
-    - drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
-    - drm/mst: Avoid processing partially received up/down message
-      transactions
-    - drm/i915: Make DP-MST connector info work
-    - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array
-    - hfsplus: Don't clear SGID when inheriting ACLs
-    - vtime, sched/cputime: Remove vtime_account_user()
-    - sched/cputime: Always set tsk->vtime_snap_whence after accounting vtime
-    - sched/cputime: Rename vtime fields
-    - sched/cputime: Move the vtime task fields to their own struct
-    - sched/cputime: Accumulate vtime on top of nsec clocksource
-    - sched/fair: Fix load_balance() affinity redo path
-    - percpu_counter: Rename __percpu_counter_add to percpu_counter_add_batch
-    - writeback: rework wb_[dec|inc]_stat family of functions
-    - kernel/fork.c: virtually mapped stacks: do not disable interrupts
-    - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
-    - vmbus: re-enable channel tasklet
-    - cpufreq: intel_pstate: Correct the busy calculation for KNL
-    - spmi: Include OF based modalias in device uevent
-    - reiserfs: Don't clear SGID when inheriting ACLs
-    - device-dax: fix sysfs duplicate warnings
-    - drm/imx: parallel-display: Accept drm_of_find_panel_or_bridge failure
-    - PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds
-      if present
-    - tracing: Fix kmemleak in instance_rmdir
-    - drm/i915/fbdev: Check for existence of ifbdev->vma before operations
-    - drm/i915: Hold RPM wakelock while initializing OA buffer
-    - drm/i915: reintroduce VLV/CHV PFI programming power domain workaround
-    - smp/hotplug: Move unparking of percpu threads to the control CPU
-    - smp/hotplug: Replace BUG_ON and react useful
-    - alarmtimer: don't rate limit one-shot timers
-    - sched/cputime: Don't use smp_processor_id() in preemptible context
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.5
-    - jfs: Don't clear SGID when inheriting ACLs
-    - ALSA: fm801: Initialize chip after IRQ handler is registered
-    - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
-    - ALSA: hda - Add mute led support for HP ProBook 440 G4
-    - parisc: Prevent TLB speculation on flushed pages on CPUs that only
-      support equivalent aliases
-    - parisc: Extend disabled preemption in copy_user_page
-    - parisc: Suspend lockup detectors before system halt
-    - powerpc/pseries: Fix of_node_put() underflow during reconfig remove
-    - mmc: sunxi: Keep default timing phase settings for new timing mode
-    - NFS: invalidate file size when taking a lock.
-    - NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter
-    - scripts/dtc: dtx_diff - update include dts paths to match build
-    - crypto: brcm - Fix SHA3-512 algorithm failure
-    - crypto: brcm - remove BCM_PDC_MBOX dependency in Kconfig
-    - crypto: authencesn - Fix digest_null crash
-    - KVM: PPC: Book3S HV: Enable TM before accessing TM registers
-    - KVM: PPC: Book3S HV: Fix host crash on changing HPT size
-    - dm integrity: fix inefficient allocation of journal space
-    - dm integrity: test for corrupted disk format during table load
-    - md: remove 'idx' from 'struct resync_pages'
-    - md/raid1: fix writebehind bio clone
-    - md/raid5: add thread_group worker async_tx_issue_pending_all
-    - drm/vmwgfx: Fix gcc-7.1.1 warning
-    - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K
-    - drm/nouveau/disp/nv50-: bump max chans to 21
-    - drm/nouveau/bar/gf100: fix access to upper half of BAR2
-    - drm/i915: Fix scaler init during CRTC HW state readout
-    - isdn/i4l: fix buffer overflow
-    - ipmi/watchdog: fix watchdog timeout set on reboot
     - dentry name snapshots (CVE-2017-7533)
-    - mmc: tmio-mmc: fix bad pointer math
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.6
-    - [hppa/parisc] Increase thread and stack size to 32kb
-    - [hppa/parisc] Handle vma's whose context is not current in
-      flush_cache_range
-    - scsi: lpfc: fix linking against modular NVMe support
-    - ACPI / LPSS: Only call pwm_add_table() for the first PWM controller
-    - cgroup: don't call migration methods if there are no tasks to migrate
-    - cgroup: create dfl_root files on subsys registration
-    - cgroup: fix error return value from cgroup_subtree_control()
-    - libata: array underflow in ata_find_dev()
-    - workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
-    - iwlwifi: dvm: prevent an out of bounds access
-    - brcmfmac: fix memleak due to calling brcmf_sdiod_sgtable_alloc() twice
-    - NFSv4: Fix EXCHANGE_ID corrupt verifier issue
-    - mmc: sdhci-of-at91: force card detect value for non removable devices
-    - mmc: core: Use device_property_read instead of of_property_read
-    - mmc: dw_mmc: Use device_property_read instead of of_property_read
-    - mm, mprotect: flush TLB if potentially racing with a parallel reclaim
-      leaving stale TLB entries
-    - mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page
-      errors
-    - userfaultfd: non-cooperative: notify about unmap of destination during
-      mremap
-    - userfaultfd_zeropage: return -ENOSPC in case mm has gone
-    - userfaultfd: non-cooperative: flush event_wqh at release time
-    - cpuset: fix a deadlock due to incomplete patching of cpusets_enabled()
-    - ocfs2: don't clear SGID when inheriting ACLs
-    - ALSA: hda - Fix speaker output from VAIO VPCL14M1R
-    - [x86] drm/amdgpu: fix header on gfx9 clear state
-    - [x86] drm/amdgpu: Fix undue fallthroughs in golden registers
-      initialization
-    - ASoC: fix pcm-creation regression
-    - ASoC: ux500: Restore platform DAI assignments
-    - ASoC: do not close shared backend dailink
-    - KVM: arm/arm64: Handle hva aging while destroying the vm
-    - KVM: async_pf: make rcu irq exit if not triggered from idle task
-    - timers: Fix overflow in get_next_timer_interrupt
-    - [powerpc*] tm: Fix saving of TM SPRs in core dump
-    - [powerpc/powerpc64] Fix __check_irq_replay missing decrementer interrupt
-    - iommu/amd: Enable ga_log_intr when enabling guest_mode
-    - [arm64] dts: marvell: armada-37xx: Fix the number of GPIO on south bridge
-    - gpiolib: skip unwanted events, don't convert them to opposite edge
-    - ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
-    - ext4: fix overflow caused by missing cast in ext4_resize_fs()
-    - [mips*] ralink: Fix build error due to missing header
-    - clk: sunxi-ng: sun5i: Add clk_set_rate_parent to the CPU clock
-    - ARM: mvebu: use __pa_symbol in the mv98dx3236 platform SMP code
-    - ARM: dts: armada-38x: Fix irq type for pca955
-    - ARM: dts: tango4: Request RGMII RX and TX clock delays
-    - media: pulse8-cec: persistent_config should be off by default
-    - media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds
-    - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS
-      ioctl
-    - ir-spi: Fix issues with lirc API
-    - tcmu: Fix flushing cmd entry dcache page
-    - tcmu: Fix possbile memory leak / OOPs when recalculating cmd base size
-    - ext4: preserve i_mode if __ext4_set_acl() fails
-    - ext4: Don't clear SGID when inheriting ACLs
-    - Btrfs: fix early ENOSPC due to delalloc
-    - blk-mq: Include all present CPUs in the default queue mapping
-    - blk-mq: Create hctx for each present CPU
-    - block: disable runtime-pm for blk-mq
     - saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
-    - sctp: fix an array overflow when all ext chunks are set
-    - tcp_bbr: cut pacing rate only if filled pipe
-    - tcp_bbr: introduce bbr_bw_to_pacing_rate() helper
-    - tcp_bbr: introduce bbr_init_pacing_rate_from_rtt() helper
-    - tcp_bbr: remove sk_pacing_rate=0 transient during init
-    - tcp_bbr: init pacing rate on first RTT sample
-    - ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check()
-    - wireless: wext: terminate ifr name coming from userspace
-    - net: Zero terminate ifr_name in dev_ifname().
-    - net: dsa: mv88e6xxx: Enable CMODE config support for 6390X
-    - Revert "rtnetlink: Do not generate notifications for CHANGEADDR event"
     - ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
-    - net: dsa: b53: Add missing ARL entries for BCM53125
-    - ipv4: initialize fib_trie prior to register_netdev_notifier call.
-    - rtnetlink: allocate more memory for dev_set_mac_address()
-    - net: bonding: Fix transmit load balancing in balance-alb mode
-    - mcs7780: Fix initialization when CONFIG_VMAP_STACK is enabled
-    - openvswitch: fix potential out of bound access in parse_ct
-    - packet: fix use-after-free in prb_retire_rx_blk_timer_expired()
-    - ipv6: Don't increase IPSTATS_MIB_FRAGFAILS twice in ip6_fragment()
-    - net: ethernet: nb8800: Handle all 4 RGMII modes identically
-    - bonding: commit link status change after propose
-    - dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly
-    - dccp: fix a memleak that dccp_ipv4 doesn't put reqsk properly
-    - dccp: fix a memleak for dccp_feat_init err process
-    - net/mlx5: Consider tx_enabled in all modes on remap
-    - net/mlx5: Fix command completion after timeout access invalid structure
-    - net/mlx5: Fix command bad flow on command entry allocation failure
-    - sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
-    - sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
-    - net/mlx5e: IPoIB, Modify add/remove underlay QPN flows
-    - net/mlx5e: Fix outer_header_zero() check size
-    - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size
-    - net/mlx5e: Add field select to MTPPS register
-    - net/mlx5e: Fix broken disable 1PPS flow
-    - net/mlx5e: Change 1PPS out scheme
-    - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request
-    - net/mlx5e: Fix wrong delay calculation for overflow check scheduling
-    - net/mlx5e: Schedule overflow check work to mlx5e workqueue
-    - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests
-    - udp6: fix socket leak on early demux
-    - net: phy: Correctly process PHY_HALTED in phy_stop_machine()
-    - workqueue: implicit ordered attribute should be overridable
-    - ipv4: fib: Fix NULL pointer deref during fib_sync_down_dev()
-    - virtio_net: fix truesize for mergeable buffers
-    - [sparc64] Measure receiver forward progress to avoid send mondo timeout
-    - [sparc64] Prevent perf from running during super critical sections
-    - [sparc64] Register hugepages during arch init
-    - [sparc64] Fix exception handling in UltraSPARC-III memcpy.
-    - drm/vmwgfx: Fix cursor hotspot issue with Wayland on Fedora
 
   [ Ben Hutchings ]
   * media: Enable USB_RAINSHADOW_CEC as module (see #868511)