[kernel-sec-discuss] r940 - active retired

jmm at alioth.debian.org
Fri Aug 31 20:11:58 UTC 2007


Author: jmm
Date: 2007-08-31 20:11:58 +0000 (Fri, 31 Aug 2007)
New Revision: 940

Modified:
   active/CVE-2006-6128
   active/CVE-2006-6535
   active/CVE-2007-3380
   retired/CVE-2007-3851
Log:
updates


Modified: active/CVE-2006-6128
===================================================================
--- active/CVE-2006-6128	2007-08-31 18:18:07 UTC (rev 939)
+++ active/CVE-2006-6128	2007-08-31 20:11:58 UTC (rev 940)
@@ -14,9 +14,11 @@
 Ubuntu-Description: 
 Notes: 
  dannf> low impact - ignoring for sarge for now
+ jmm> ignored, only exploitable with manipulated fs images, for which mount
+ jmm> privs are needed
 Bugs: 
 upstream: 
-linux-2.6: 
+linux-2.6: ignored 
 2.6.18-etch-security: ignored (2.6.18.dfsg.1-12etch1)
 2.6.8-sarge-security: ignored (2.6.8-16sarge7)
 2.4.27-sarge-security: ignored (2.4.27-10sarge6)
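
Review bot: The new "linux-2.6: ignored" line carries no version in parentheses, while the three release lines below it each record the version at which the issue was ignored, for example "ignored (2.6.18.dfsg.1-12etch1)"; add the current linux-2.6 version so the entry is consistent and can be re-evaluated later. The added line also ends in a trailing space. The jmm> rationale depends on mount privileges being required, so it would help to say in Notes whether user-mountable filesystems were considered when deciding to ignore.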

Modified: active/CVE-2006-6535
===================================================================
--- active/CVE-2006-6535	2007-08-31 18:18:07 UTC (rev 939)
+++ active/CVE-2006-6535	2007-08-31 20:11:58 UTC (rev 940)
@@ -8,7 +8,7 @@
 Notes: 
 Bugs: 
 upstream: released (2.6.10)
-linux-2.6: 
+linux-2.6: N/A
 2.6.18-etch-security: N/A
 2.6.8-sarge-security: released (2.6.8-16sarge7) [dev_queue_xmit-error-path.dpatch]
 2.4.27-sarge-security: 
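
Review bot: "linux-2.6: N/A" is set with an empty Notes field, so the record does not say why the package is not affected even though upstream shows "released (2.6.10)" and sarge needed dev_queue_xmit-error-path.dpatch. Add a short Notes line stating the reason for N/A. The 2.4.27-sarge-security line is still blank in the context, so this entry remains incomplete after the change.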

Modified: active/CVE-2007-3380
===================================================================
--- active/CVE-2007-3380	2007-08-31 18:18:07 UTC (rev 939)
+++ active/CVE-2007-3380	2007-08-31 20:11:58 UTC (rev 940)
@@ -8,10 +8,12 @@
 Notes: 
  dannf> Debian's 2.6.18 isn't affected, but the redhat-cluster package
         may be.
+ jmm> redhat-cluster doesn't appear affected neither, TCP connection code
+      not present. Fixed in git on 2007-07-09, marking 2.6.23 as fixed
 Bugs: 
-upstream: 
-linux-2.6: 
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "not in linux-2.6"
+upstream: pending (2.6.23)
+linux-2.6: pending (2.6.23-1)
+2.6.18-etch-security: N/A
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: released (2.6.15-28.57)
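
Review bot: The added Notes line cites "Fixed in git on 2007-07-09" without a commit id, so "upstream: pending (2.6.23)" cannot be checked from the record; add the commit reference. The same note says "marking 2.6.23 as fixed" while the fields say "pending", which is worth aligning in wording. The change also replaces 'ignored (2.6.18.dfsg.1-13etch1) "not in linux-2.6"' with a bare "N/A", dropping the version and the reason; keeping the reason in Notes would preserve it. The redhat-cluster conclusion is phrased as "doesn't appear affected", and no status line tracks that package, so it is unclear where a follow-up would be recorded.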

Modified: retired/CVE-2007-3851
===================================================================
--- retired/CVE-2007-3851	2007-08-31 18:18:07 UTC (rev 939)
+++ retired/CVE-2007-3851	2007-08-31 20:11:58 UTC (rev 940)
@@ -14,7 +14,7 @@
  jmm> Code was introduced after 2.6.18, but backported to Etch
 Bugs: 
 upstream: released (2.6.22.2)
-linux-2.6: 
+linux-2.6: released (2.6.22-4)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/i965-secure-batchbuffer.patch]
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
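
Review bot: "linux-2.6: released (2.6.22-4)" does not say how the fix arrived, whereas the etch line names its patch in brackets ([bugfix/i965-secure-batchbuffer.patch]) and upstream lists 2.6.22.2. Note whether 2.6.22-4 picks the fix up from the 2.6.22.2 stable update or carries a separate patch, and name the patch file if there is one.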



