[kernel-sec-discuss] r717 - active
Dann Frazier
dannf at alioth.debian.org
Tue Mar 20 05:44:33 CET 2007
Author: dannf
Date: 2007-03-20 04:44:33 +0000 (Tue, 20 Mar 2007)
New Revision: 717
Modified:
active/CVE-2006-5701
active/CVE-2006-5753
active/CVE-2007-1000
Log:
status updates and notes
Modified: active/CVE-2006-5701
===================================================================
--- active/CVE-2006-5701 2007-03-19 07:24:40 UTC (rev 716)
+++ active/CVE-2006-5701 2007-03-20 04:44:33 UTC (rev 717)
@@ -17,6 +17,12 @@
Ubuntu kernels have squashfs patch; not sure about Debian's.
dannf> Debian's do not, but we do have a kernel-patch-squashfs package
dannf> Marking upstream N/A, because this isn't an upstream feature
+ dannf> Affects squashfs (1:3.1r2-6) which is currently in etch. I've
+ Verified that the patch in RH bugzilla applies and fixes the bug.
+ dannf> kernel-patch-squashfs applied to a 2.4 kernel does not exhibit
+ this problem. I tested by hexediting the reproducer fs to advertise
+ v2 since v3 is not supported in sarge, which may have just masked
+ the problem.
Bugs:
upstream: N/A
linux-2.6:
Modified: active/CVE-2006-5753
===================================================================
--- active/CVE-2006-5753 2007-03-19 07:24:40 UTC (rev 716)
+++ active/CVE-2006-5753 2007-03-20 04:44:33 UTC (rev 717)
@@ -16,8 +16,8 @@
Notes:
Bugs:
upstream: released (2.6.20-rc5)
-linux-2.6:
-2.6.18-etch-security: needed
+linux-2.6:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-11etch1) [bugfix/listxattr-mem-corruption.patch]
2.6.8-sarge-security: needed
2.4.27-sarge-security:
2.6.12-breezy-security: released (2.6.12-10.43)
Modified: active/CVE-2007-1000
===================================================================
--- active/CVE-2007-1000 2007-03-19 07:24:40 UTC (rev 716)
+++ active/CVE-2007-1000 2007-03-20 04:44:33 UTC (rev 717)
@@ -5,11 +5,12 @@
Description:
Ubuntu-Description:
Notes:
+ dannf> function doesn't exist in 2.6.8 - wtarreau says 2.4 isn't vulnerable
Bugs:
-upstream:
+upstream: released (2.6.21-rc4)
linux-2.6:
-2.6.18-etch-security:
-2.6.8-sarge-security:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-11etch1) [bugfix/ipv6_getsockopt_sticky-null-opt.patch]
+2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.12-breezy-security:
2.6.15-dapper-security:
More information about the kernel-sec-discuss
mailing list