[kernel-sec-discuss] r541 - patch-tracking
dann frazier
dannf at debian.org
Wed Aug 16 16:30:30 UTC 2006
On Wed, Aug 16, 2006 at 09:41:36AM +0000, Martin Pitt wrote:
> Author: mpitt
> Date: 2006-08-16 09:41:35 +0000 (Wed, 16 Aug 2006)
> New Revision: 541
>
> Modified:
> patch-tracking/CVE-2006-2445
> Log:
> CVE-2006-2445 needs another GIT commit to be fully fixed, update Ubuntu status
>
> Modified: patch-tracking/CVE-2006-2445
> ===================================================================
> --- patch-tracking/CVE-2006-2445 2006-08-14 19:19:27 UTC (rev 540)
> +++ patch-tracking/CVE-2006-2445 2006-08-16 09:41:35 UTC (rev 541)
> @@ -3,6 +3,7 @@
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8f17fc20bfb75bcec4cfeda789738979c8338fdc
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30f1e3dd8c72abda343bcf415f7d8894a02b4290
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f53ae1dc3429529a58aa538e0a860d713c7079c3
> + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ca531a0a5e01e5122f67cb6aca8fcbfc70e18e0b
> Description:
> Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21
> allows local users to cause a denial of service (BUG_ON crash) by causing one
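Review bot: the added fourth commit URL carries no explanation inside the tracking file itself; the only rationale is the commit log ("needs another GIT commit to be fully fixed"). Consider a Notes: entry saying what the fourth commit fixes that the first three do not, and check that the "before 2.6.16.21" boundary in the Description context still holds once the fourth commit is counted.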
> @@ -17,3 +18,7 @@
> linux-2.6: released (2.6.16-15)
> 2.6.8-sarge-security:
> 2.4.27-sarge-security: N/A
> +2.6.10-hoary-security: needed (only 4th GIT commit, first three applied in 2.6.10-34.21)
> +2.6.12-breezy-security: needed (only 4th GIT commit, first three applied in 2.6.12-10.35)
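Review bot: the context lines "linux-2.6: released (2.6.16-15)" and the empty "2.6.8-sarge-security:" are left unchanged, although this revision declares a fourth commit necessary for a complete fix. Please confirm that 2.6.16-15 already contains the fourth commit, or set that line back to needed, and give the 2.6.8 sarge line an explicit status so the file does not read as fully resolved for Debian.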
hey Martin,

Not that it really matters atm, but note that these fields do not fit
the existing syntax - these fields should be:

kernel: status (version1, version2, ...) [patch1, patch2,...], status...

Of course, we have nothing at the moment that needs to regularly parse
these, and we don't have a way to express a partially fixed issue
(other than text in the Notes: section), so there's really not much of
a point in changing this till your next release.

fwiw, I've dealt with this situation in the past by doing something
like:

Notes:
dannf> We need to apply patch3.patch before it's done in sarge
2.6.8-sarge-security: needed [patch1.patch, patch2.patch]

Then later when it's complete:

2.6.8-sarge-security: released (ver) [patch1.patch, patch2.patch, patch3.patch]

The fact that patch1.patch and patch2.patch were applied earlier than
"ver" isn't expressed here, but can easily be found by looking at the
package.

> +26.15-dapper-security: needed (only 4th GIT commit, first three
^ typo, fyi
--
dann frazier
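
The field syntax described in the message above, written out as a small checker. This is an added example, not part of the original message and not a tool from the kernel-sec repository. The grammar, the function name `parse_status_line` and the rule that versions start with a digit are assumptions read off the one-line syntax description; the sample lines are copied from the message.

```python
import re

# Assumed grammar, read off the one-line description in the reply:
#   kernel: status (ver1, ver2, ...) [patch1, patch2, ...], status ...
# Status words are not enumerated on the page, so any alphabetic token is accepted.
GROUP = re.compile(
    r"\s*([A-Za-z/]+)"           # status word, e.g. released, needed, N/A
    r"\s*(?:\(([^()]*)\))?"      # optional (version list)
    r"\s*(?:\[([^\[\]]*)\])?"    # optional [patch list]
    r"\s*(?:,|$)"                # another status group follows, or end of line
)
VERSION = re.compile(r"[0-9][0-9A-Za-z.+~:-]*")  # assumption: versions start with a digit


def _items(text):
    """Split a comma-separated list, dropping empty entries."""
    return [s.strip() for s in text.split(",") if s.strip()] if text else []


def parse_status_line(line):
    """Return (kernel, groups, problems); each group is (status, versions, patches)."""
    kernel, sep, rest = line.partition(":")
    kernel, rest, groups, problems = kernel.strip(), rest.strip(), [], []
    if not sep or not kernel:
        return kernel, groups, ["no 'kernel:' prefix"]
    pos = 0
    while pos < len(rest):
        m = GROUP.match(rest, pos)
        if m is None:
            problems.append("cannot parse: %r" % rest[pos:].strip())
            break
        status, versions, patches = m.group(1), _items(m.group(2)), _items(m.group(3))
        for v in versions:
            if not VERSION.fullmatch(v):  # prose in the parentheses belongs in Notes:
                problems.append("free text in version list: %r" % v)
        groups.append((status, versions, patches))
        pos = m.end()
    return kernel, groups, problems


if __name__ == "__main__":
    for sample in (
        "linux-2.6: released (2.6.16-15)",
        "2.6.8-sarge-security: needed [patch1.patch, patch2.patch]",
        "2.6.10-hoary-security: needed (only 4th GIT commit, first three applied in 2.6.10-34.21)",
    ):
        print(parse_status_line(sample))
```
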