[kernel-sec-discuss] r1013 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Mon Nov 12 21:59:20 UTC 2007
Author: dannf
Date: 2007-11-12 21:59:20 +0000 (Mon, 12 Nov 2007)
New Revision: 1013
Modified:
active/CVE-2004-2731
Log:
update upstream status
Modified: active/CVE-2004-2731
===================================================================
--- active/CVE-2004-2731 2007-11-08 06:17:07 UTC (rev 1012)
+++ active/CVE-2004-2731 2007-11-12 21:59:20 UTC (rev 1013)
@@ -2,6 +2,10 @@
References:
http://www.securityfocus.com/bid/10632
http://securitytracker.com/id?1010617
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=996bad4803a2ebfebe7b27a431fbcae591f7d199
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=a545dd4118eba7242bb390a76b2a1bb3dce0430e
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=6ab2cfa4f0a04c11932af701b5437879dd14d8bb
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=090a4d5713b462e039e2896ac8092769c42ea742
Description:
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c)
for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly
@@ -13,8 +17,10 @@
dannf> This appears to have been fixed in 2.5, but 2.4 is still
dannf> vulnerable to the second part. I've sent patches to
dannf> willy/davem for 2.4 consideration
+ dannf>
+ dannf> Patches have been accepted, see References section
Bugs:
-upstream: released (2.5.33)
+upstream: released (2.5.33), pending (2.4.36)
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
More information about the kernel-sec-discuss
mailing list