[kernel-sec-discuss] r1028 - active

dannf at alioth.debian.org dannf at alioth.debian.org
Thu Nov 22 19:19:34 UTC 2007 

Author: dannf
Date: 2007-11-22 19:19:34 +0000 (Thu, 22 Nov 2007)
New Revision: 1028

Modified:
   active/CVE-2006-6128
   active/CVE-2006-6921
   active/CVE-2006-7051
   active/CVE-2007-2480
   active/CVE-2007-2878
   active/CVE-2007-3719
   active/CVE-2007-4311
   active/CVE-2007-4571
Log:
debian/upstream statuses

Modified: active/CVE-2006-6128
===================================================================
--- active/CVE-2006-6128	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2006-6128	2007-11-22 19:19:34 UTC (rev 1028)
@@ -19,7 +19,7 @@
 Bugs: 
 upstream: 
 linux-2.6: ignored 
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-12etch1)
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5)
 2.6.8-sarge-security: ignored (2.6.8-16sarge7)
 2.4.27-sarge-security: ignored (2.4.27-10sarge6)
 2.6.15-dapper-security: ignored

Modified: active/CVE-2006-6921
===================================================================
--- active/CVE-2006-6921	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2006-6921	2007-11-22 19:19:34 UTC (rev 1028)
@@ -14,7 +14,7 @@
 Bugs: 
 upstream: 
 linux-2.6: needed
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-12etch1)
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5)
 2.6.8-sarge-security: ignored (2.6.8-16sarge7)
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: ignored

Modified: active/CVE-2006-7051
===================================================================
--- active/CVE-2006-7051	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2006-7051	2007-11-22 19:19:34 UTC (rev 1028)
@@ -20,7 +20,7 @@
 Bugs: 
 upstream: 
 linux-2.6: 
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "no upstream patch"
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5) "no upstream patch"
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: ignore (no upstream patch)

Modified: active/CVE-2007-2480
===================================================================
--- active/CVE-2007-2480	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2007-2480	2007-11-22 19:19:34 UTC (rev 1028)
@@ -13,7 +13,7 @@
 Bugs: 
 upstream: released (2.6.22)
 linux-2.6: released (2.6.22-1)
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "needs backport"
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5) "needs backport"
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: needed (needs backporting)

Modified: active/CVE-2007-2878
===================================================================
--- active/CVE-2007-2878	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2007-2878	2007-11-22 19:19:34 UTC (rev 1028)
@@ -21,7 +21,7 @@
 Bugs: 
 upstream: released (2.6.21.2)
 linux-2.6: released (2.6.21-3)
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "ABI breaker"
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5) "ABI breaker"
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: released (2.6.15-28.57)

Modified: active/CVE-2007-3719
===================================================================
--- active/CVE-2007-3719	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2007-3719	2007-11-22 19:19:34 UTC (rev 1028)
@@ -10,7 +10,7 @@
 Bugs: 
 upstream: 
 linux-2.6: 
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "no upstream fix"
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5) "no upstream fix"
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: ignore (low priority, no obvious upstream fix)

Modified: active/CVE-2007-4311
===================================================================
--- active/CVE-2007-4311	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2007-4311	2007-11-22 19:19:34 UTC (rev 1028)
@@ -4,11 +4,15 @@
 Description: 
 Ubuntu-Description: 
 Notes: 
+ dannf> The reporter noted that this is fixed in current 2.6's. It does
+ dannf> appear that way in Debian's 2.6.8 and 2.6.18, but the code that
+ dannf> solves it is quite a bit different in both. I wouldn't necessarily
+ dannf> assume that kernels between 2.6.8 & 2.6.18 are invulnerable.
 Bugs: 
-upstream: 
-linux-2.6: 
-2.6.18-etch-security: 
-2.6.8-sarge-security: 
+upstream: released (2.4.35-rc1)
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
 2.4.27-sarge-security: pending (2.4.27-10sarge6) [248_random-reseed-sizeof-fix.diff]
 2.6.15-dapper-security: N/A
 2.6.17-edgy-security: N/A

Modified: active/CVE-2007-4571
===================================================================
--- active/CVE-2007-4571	2007-11-22 18:27:30 UTC (rev 1027)
+++ active/CVE-2007-4571	2007-11-22 19:19:34 UTC (rev 1028)
@@ -11,7 +11,7 @@
 Bugs: 
 upstream: released (2.6.22.8)
 linux-2.6: released (2.6.22-5)
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch3)
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5) "ABI Changer"
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: deferred

More information about the kernel-sec-discuss mailing list