[kernel-sec-discuss] r771 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Sun Apr 29 20:57:48 UTC 2007
Author: jmm
Date: 2007-04-29 20:57:47 +0000 (Sun, 29 Apr 2007)
New Revision: 771
Added:
retired/CVE-2006-2935
Removed:
active/CVE-2006-2935
Modified:
active/CVE-2005-3044
active/CVE-2006-2275
active/CVE-2006-2446
active/CVE-2006-2448
Log:
retire CVE-2006-2935
more etch updates
Modified: active/CVE-2005-3044
===================================================================
--- active/CVE-2005-3044 2007-04-29 20:54:07 UTC (rev 770)
+++ active/CVE-2005-3044 2007-04-29 20:57:47 UTC (rev 771)
@@ -26,3 +26,4 @@
linux-2.6: released (2.6.12-7, 2.6.13-1) [lost-fput-in-32bit-ioctl-on-x86-64.patch, linux-2.6.13.2.patch]
2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.6.18-etch-security: N/A
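Review bot: the added `2.6.18-etch-security: N/A` line gives no reason, while the neighbouring status lines carry a version and patch name. The linux-2.6 line shows the fix released in 2.6.12-7 and 2.6.13-1, so if N/A here means the etch kernel already includes it, say so in a short note on the line or under Notes so a later reader does not have to re-derive it.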
Modified: active/CVE-2006-2275
===================================================================
--- active/CVE-2006-2275 2007-04-29 20:54:07 UTC (rev 770)
+++ active/CVE-2006-2275 2007-04-29 20:57:47 UTC (rev 771)
@@ -15,3 +15,5 @@
linux-2.6: released (2.6.16-13)
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.6.18-etch-security: N/A
+
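Review bot: the second added line is an empty line at the end of the record, which the CVE-2005-3044 hunk does not add (the CVE-2006-2448 hunk does the same). Drop the trailing blank line, or add it everywhere, so the tracker files stay consistent and later diffs stay free of whitespace-only changes.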
Modified: active/CVE-2006-2446
===================================================================
--- active/CVE-2006-2446 2007-04-29 20:54:07 UTC (rev 770)
+++ active/CVE-2006-2446 2007-04-29 20:57:47 UTC (rev 771)
@@ -21,3 +21,4 @@
2.6.12-breezy-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy: N/A
+2.6.18-etch-security:
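Review bot: the added `2.6.18-etch-security:` line has no status value, unlike the `N/A` set for etch in the other files of this revision and for every other branch visible in this hunk. If the status is still undetermined, mark it explicitly (for example with a pending marker or a Notes entry) so an empty field is not read as "not affected".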
Modified: active/CVE-2006-2448
===================================================================
--- active/CVE-2006-2448 2007-04-29 20:54:07 UTC (rev 770)
+++ active/CVE-2006-2448 2007-04-29 20:57:47 UTC (rev 771)
@@ -15,3 +15,5 @@
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.6.18-etch-security: N/A
+
Deleted: active/CVE-2006-2935
===================================================================
--- active/CVE-2006-2935 2007-04-29 20:54:07 UTC (rev 770)
+++ active/CVE-2006-2935 2007-04-29 20:57:47 UTC (rev 771)
@@ -1,25 +0,0 @@
-Candidate: CVE-2006-2935
-References:
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
-Description:
- The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c
- in Linux kernel 2.2.16, and later versions, assigns the wrong value to a
- length variable, which allows local users to execute arbitrary code via a
- crafted USB Storage device that triggers a buffer overflow.
-Ubuntu-Description:
- A buffer overflow has been discovered in the dvd_read_bca() function.
- By inserting a specially crafted DVD, USB stick, or similar
- automatically mounted removable device, a local user could crash the
- machine or potentially even execute arbitrary code with full root
- privileges.
-Notes:
- dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.y
-Bugs:
-upstream: released (2.6.17.7)
-linux-2.6: released (2.6.17-5)
-2.6.8-sarge-security: released (2.6.8-16sarge5) [cdrom-bad-cgc.buflen-assign.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge4) [224_cdrom-bad-cgc.buflen-assign.diff]
-2.6.10-hoary-security: released (2.6.10-34.23)
-2.6.12-breezy-security: released (2.6.12-10.37)
-2.6.15-dapper-security: released (2.6.15-26.46)
-2.6.17-edgy: released (2.6.17-10.30)
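Review bot: the record being retired has no `2.6.18-etch-security` line, although this same revision adds etch status to the files that stay active. Add the etch status before moving the file so the retired entry documents every supported branch. Also check the copy source: the deletion is diffed against rev 770 but the retired file is copied from rev 762, so confirm nothing changed in active/CVE-2006-2935 between those revisions.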
Copied: retired/CVE-2006-2935 (from rev 762, active/CVE-2006-2935)