[kernel-sec-discuss] r727 - active
Dann Frazier
dannf at alioth.debian.org
Sat Mar 31 22:44:49 UTC 2007
Author: dannf
Date: 2007-03-31 22:44:49 +0000 (Sat, 31 Mar 2007)
New Revision: 727
Modified:
active/CVE-2006-5755
active/CVE-2006-6054
active/CVE-2006-6056
active/CVE-2006-6058
active/CVE-2006-6128
active/CVE-2007-0005
Log:
debian updates
Modified: active/CVE-2006-5755
===================================================================
--- active/CVE-2006-5755 2007-03-31 21:58:27 UTC (rev 726)
+++ active/CVE-2006-5755 2007-03-31 22:44:49 UTC (rev 727)
@@ -16,12 +16,14 @@
jmm> 658fdbef66e5e9be79b457edc2cbbb3add840aa9
jmm> amd64 equivalent of CVE-2006-5173
jmm> http://www.mail-archive.com/kgdb-bugreport@lists.sourceforge.net/msg00559.html
+ dannf> marking sarge/2.4 N/A since we released no sarge/2.4/amd64 kernel
+ dannf> ignoring for sarge7 because backport is non-trivial
Bugs:
upstream: released (2.6.18)
linux-2.6:
2.6.18-etch-security: N/A
-2.6.8-sarge-security: needed
-2.4.27-sarge-security: needed
+2.6.8-sarge-security: ignored (2.6.8-16sarge7)
+2.4.27-sarge-security: N/A
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)
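Review bot: the "ignored" on the 2.6.8-sarge-security line leaves the amd64 equivalent of CVE-2006-5173 unfixed for any sarge 2.6.8 amd64 kernel, and the only justification recorded is "backport is non-trivial". The 2.4 N/A is well grounded (no sarge/2.4/amd64 kernel was released), but an ignore on a still-active entry should say whether it is final or to be revisited in a later sarge update, and ideally point at the upstream commit already cited (658fdbef66e5e9be79b457edc2cbbb3add840aa9) as the thing that was judged too hard to backport, so the next person does not have to rediscover that.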
Modified: active/CVE-2006-6054
===================================================================
--- active/CVE-2006-6054 2007-03-31 21:58:27 UTC (rev 726)
+++ active/CVE-2006-6054 2007-03-31 22:44:49 UTC (rev 727)
@@ -14,8 +14,8 @@
Notes:
Bugs:
upstream: released (2.6.20-rc5)
-linux-2.6:
-2.6.18-etch-security: needed
+linux-2.6: released (2.6.18.dfsg.1-10) [bugfix/2.6.18.38]
+2.6.18-etch-security: released (2.6.18.dfsg.1-10) [bugfix/2.6.18.38]
2.6.8-sarge-security: needed
2.4.27-sarge-security:
2.6.12-breezy-security: released (2.6.12-10.43)
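Review bot: the patch reference on the new linux-2.6 and 2.6.18-etch-security lines is [bugfix/2.6.18.38], while the CVE-2006-6056 entry in this same commit cites [bugfix/2.6.16.38] for the same package version 2.6.18.dfsg.1-10. One of the two looks like a typo; please check the actual patch filename in the 2.6.18.dfsg.1-10 source and make both entries agree. Also, 2.4.27-sarge-security is still left blank here while 2.6.8-sarge-security is "needed"; the 2.4 line should get an explicit status (needed, ignored or N/A) so the entry does not read as undecided.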
Modified: active/CVE-2006-6056
===================================================================
--- active/CVE-2006-6056 2007-03-31 21:58:27 UTC (rev 726)
+++ active/CVE-2006-6056 2007-03-31 22:44:49 UTC (rev 727)
@@ -13,12 +13,14 @@
attacker could exploit this to crash the kernel. This only affects
systems which enable SELinux (Ubuntu disables SELinux by default).
Notes:
+ dannf> Though this bug fix applies to 2.4, 2.4 does not include SELinux
+ so it should not be vulnerable to the DoS
Bugs:
upstream: released (2.6.19)
-linux-2.6:
+linux-2.6: released (2.6.18.dfsg.1-10)
2.6.18-etch-security: released (2.6.18.dfsg.1-10) [bugfix/2.6.16.38]
-2.6.8-sarge-security: needed
-2.4.27-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-16sarge7) [hfs-no-root-inode.dpatch]
+2.4.27-sarge-security: N/A
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)
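Review bot: the new note says the fix applies to 2.4, yet the 2.4.27-sarge-security line is set to "N/A" rather than "ignored". The sarge 2.6.8 patch name (hfs-no-root-inode.dpatch) shows the underlying defect is in the HFS code, which by the note's own admission is present in 2.4; "N/A" normally means the affected code is absent. If the intent is "present but not triggerable without SELinux", record it as ignored with that reason, or keep N/A but say explicitly that the HFS bug exists in 2.4 and is judged non-exploitable there, so a later reader does not conclude the code path is missing.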
Modified: active/CVE-2006-6058
===================================================================
--- active/CVE-2006-6058 2007-03-31 21:58:27 UTC (rev 726)
+++ active/CVE-2006-6058 2007-03-31 22:44:49 UTC (rev 727)
@@ -13,12 +13,14 @@
error.
Ubuntu-Description:
Notes:
+ dannf> ignored for sarge for now - only applies under very rare circumstances
+ and don't know if there's an upstream fix
Bugs:
upstream:
linux-2.6:
2.6.18-etch-security:
-2.6.8-sarge-security: needed
-2.4.27-sarge-security:
+2.6.8-sarge-security: ignored (2.6.8-16sarge7)
+2.4.27-sarge-security: ignored (2.4.27-10sarge6)
2.6.12-breezy-security: needed
2.6.15-dapper-security: needed
2.6.17-edgy-security: needed
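Review bot: the ignore is recorded while the note itself says "don't know if there's an upstream fix" and the upstream: field is still empty, so there is nothing in the entry that would trigger a re-evaluation once a fix appears. Please either fill in upstream: when the fix is identified or phrase the sarge ignore as provisional on that lookup; the second note line also lacks the "dannf>" prefix used on the first, which makes the continuation harder to attribute when the file is scanned.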
Modified: active/CVE-2006-6128
===================================================================
--- active/CVE-2006-6128 2007-03-31 21:58:27 UTC (rev 726)
+++ active/CVE-2006-6128 2007-03-31 22:44:49 UTC (rev 727)
@@ -13,12 +13,13 @@
ReiserFS file system that triggers memory corruption when a sync is performed.
Ubuntu-Description:
Notes:
+ dannf> low impact - ignoring for sarge for now
Bugs:
upstream:
linux-2.6:
2.6.18-etch-security:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.6.8-sarge-security: ignored (2.6.8-16sarge7)
+2.4.27-sarge-security: ignored (2.4.27-10sarge6)
2.6.12-breezy-security: needed
2.6.15-dapper-security: needed
2.6.17-edgy-security: needed
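Review bot: "low impact" needs the reasoning spelled out, because the description two lines above calls this memory corruption triggered by a crafted ReiserFS image on sync, which on its face reads as more than a DoS. If the argument is that mounting a crafted image requires root or a deliberate automount configuration, say so on the note line; that is what makes the ignore defensible for sarge, and it also tells the Ubuntu maintainers (still marked needed) whether the same reasoning applies to their desktop automount defaults.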
Modified: active/CVE-2007-0005
===================================================================
--- active/CVE-2007-0005 2007-03-31 21:58:27 UTC (rev 726)
+++ active/CVE-2007-0005 2007-03-31 22:44:49 UTC (rev 727)
@@ -4,12 +4,13 @@
Buffer Overflow in Omnikey CardMan 4040 cmx driver
Ubuntu-Description:
Notes:
+ dannf> Driver wasn't in sarge
Bugs:
upstream:
linux-2.6:
2.6.18-etch-security:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
2.6.12-breezy-security:
2.6.15-dapper-security:
2.6.17-edgy-security:
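Review bot: the N/A for both sarge kernels is adequately justified by "Driver wasn't in sarge", but every other status field in this entry (upstream, linux-2.6, 2.6.18-etch-security and all three Ubuntu lines) is still blank while the file sits under active/. At minimum 2.6.18-etch-security should get an explicit status so the entry is not mistaken for closed now that the sarge lines are resolved.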