[kernel-sec-discuss] r940 - active retired
jmm at alioth.debian.org
Fri Aug 31 20:11:58 UTC 2007
Author: jmm
Date: 2007-08-31 20:11:58 +0000 (Fri, 31 Aug 2007)
New Revision: 940
Modified:
active/CVE-2006-6128
active/CVE-2006-6535
active/CVE-2007-3380
retired/CVE-2007-3851
Log:
updates
Modified: active/CVE-2006-6128
===================================================================
--- active/CVE-2006-6128 2007-08-31 18:18:07 UTC (rev 939)
+++ active/CVE-2006-6128 2007-08-31 20:11:58 UTC (rev 940)
@@ -14,9 +14,11 @@
Ubuntu-Description:
Notes:
dannf> low impact - ignoring for sarge for now
+ jmm> ignored, only exploitable with manipulated fs images, for which mount
+ jmm> privs are needed
Bugs:
upstream:
-linux-2.6:
+linux-2.6: ignored
2.6.18-etch-security: ignored (2.6.18.dfsg.1-12etch1)
2.6.8-sarge-security: ignored (2.6.8-16sarge7)
2.4.27-sarge-security: ignored (2.4.27-10sarge6)
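Review bot: the new `linux-2.6: ignored` line carries no version, while the three branch lines below it each record one (for example `2.6.18-etch-security: ignored (2.6.18.dfsg.1-12etch1)`). Either add the corresponding version or make clear that the jmm note is the sole record for this branch. The note's rationale rests on mount privileges being required to present a manipulated fs image; stating that as the condition for the "ignored" status would tell a later reader when the entry needs to be revisited, for instance where mounting is delegated to unprivileged users.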
Modified: active/CVE-2006-6535
===================================================================
--- active/CVE-2006-6535 2007-08-31 18:18:07 UTC (rev 939)
+++ active/CVE-2006-6535 2007-08-31 20:11:58 UTC (rev 940)
@@ -8,7 +8,7 @@
Notes:
Bugs:
upstream: released (2.6.10)
-linux-2.6:
+linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: released (2.6.8-16sarge7) [dev_queue_xmit-error-path.dpatch]
2.4.27-sarge-security:
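Review bot: `linux-2.6: N/A` sits directly under `upstream: released (2.6.10)` and the Notes field is empty, so the reason for N/A rather than a released version is not recorded anywhere in the entry. A one-line note giving the reason would make the status auditable. `2.4.27-sarge-security:` is still blank after this change, so the entry stays open for that branch without any indication of what is outstanding.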
Modified: active/CVE-2007-3380
===================================================================
--- active/CVE-2007-3380 2007-08-31 18:18:07 UTC (rev 939)
+++ active/CVE-2007-3380 2007-08-31 20:11:58 UTC (rev 940)
@@ -8,10 +8,12 @@
Notes:
dannf> Debian's 2.6.18 isn't affected, but the redhat-cluster package
may be.
+ jmm> redhat-cluster doesn't appear affected neither, TCP connection code
+ not present. Fixed in git on 2007-07-09, marking 2.6.23 as fixed
Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "not in linux-2.6"
+upstream: pending (2.6.23)
+linux-2.6: pending (2.6.23-1)
+2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.57)
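Review bot: the added jmm note says "Fixed in git on 2007-07-09" but gives no commit id, so `upstream: pending (2.6.23)` cannot be checked against a specific change; add the commit reference to the note. The old etch line carried its reason inline ("not in linux-2.6"), and with the switch to `2.6.18-etch-security: N/A` that reasoning now lives only in Notes. The redhat-cluster assessment is likewise recorded only as a note, with no status line for that package among the visible Bugs fields, so it is worth recording wherever that package is tracked.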
Modified: retired/CVE-2007-3851
===================================================================
--- retired/CVE-2007-3851 2007-08-31 18:18:07 UTC (rev 939)
+++ retired/CVE-2007-3851 2007-08-31 20:11:58 UTC (rev 940)
@@ -14,7 +14,7 @@
jmm> Code was introduced after 2.6.18, but backported to Etch
Bugs:
upstream: released (2.6.22.2)
-linux-2.6:
+linux-2.6: released (2.6.22-4)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/i965-secure-batchbuffer.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
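Review bot: this file is under retired/ in both the old and the new revision, yet `linux-2.6:` was empty until this change, so the entry was retired with one branch status unresolved. It would be worth checking the other retired entries for blank status lines, and verifying that every branch field is filled before a file is moved from active/ to retired/.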