[kernel-sec-discuss] r885 - active

[jmm at alioth.debian.org]

Author: jmm
Date: 2007-07-05 13:06:54 +0000 (Thu, 05 Jul 2007)
New Revision: 885

Modified:
   active/CVE-2007-2172
   active/CVE-2007-2525
Log:
update some patch stati


Modified: active/CVE-2007-2172
===================================================================
--- active/CVE-2007-2172	2007-07-04 15:16:35 UTC (rev 884)
+++ active/CVE-2007-2172	2007-07-05 13:06:54 UTC (rev 885)
@@ -17,8 +17,8 @@
 upstream: released (2.6.21)
 linux-2.6: released (2.6.21-1)
 2.6.18-etch-security: needed
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: needed
 2.6.15-dapper-security: released (2.6.15-28.54)
 2.6.17-edgy-security: released (2.6.17.1-11.38)
 2.6.20-feisty-security: released (2.6.20-16.28)

Modified: active/CVE-2007-2525
===================================================================
--- active/CVE-2007-2525	2007-07-04 15:16:35 UTC (rev 884)
+++ active/CVE-2007-2525	2007-07-05 13:06:54 UTC (rev 885)
@@ -1,14 +1,19 @@
 Candidate: CVE-2007-2525 
 References: 
 Description: 
+ Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the
+ Linux kernel before 2.6.21-git8 allows local users to cause a denial of
+ service (memory consumption) by creating a socket using connect, and
+ releasing it before the PPPIOCGCHAN ioctl is initialized.
 Ubuntu-Description: 
 Notes: 
+ jmm> 202a03acf9994076055df40ae093a5c5474ad0bd
 Bugs: 
-upstream: 
-linux-2.6: 
-2.6.18-etch-security: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+upstream: released (2.6.21)
+linux-2.6: released (2.6.21-1)
+2.6.18-etch-security: needed
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: needed
 2.6.15-dapper-security: 
 2.6.17-edgy-security: pending (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
 2.6.20-feisty-security: