[kernel-sec-discuss] r1210 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Wed Aug 27 07:40:07 UTC 2008
Author: dannf
Date: 2008-08-27 07:40:07 +0000 (Wed, 27 Aug 2008)
New Revision: 1210
Modified:
active/CVE-2006-6921
active/CVE-2006-7051
active/CVE-2007-2480
active/CVE-2007-3719
active/CVE-2007-3843
active/CVE-2007-6282
active/CVE-2007-6514
active/CVE-2008-0598
active/CVE-2008-1673
active/CVE-2008-2136
active/CVE-2008-2137
active/CVE-2008-2148
active/CVE-2008-2358
active/CVE-2008-2365
active/CVE-2008-2372
active/CVE-2008-2729
active/CVE-2008-2750
active/CVE-2008-2812
active/CVE-2008-2826
active/CVE-2008-2931
active/CVE-2008-2944
active/CVE-2008-3077
active/CVE-2008-3247
active/CVE-2008-3272
active/CVE-2008-3276
active/CVE-2008-3526
active/CVE-2008-3535
active/CVE-2008-3792
Log:
debian updates
Modified: active/CVE-2006-6921
===================================================================
--- active/CVE-2006-6921 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2006-6921 2008-08-27 07:40:07 UTC (rev 1210)
@@ -16,6 +16,7 @@
linux-2.6: needed
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "no upstream fix"
2.6.24-etchnhalf-security: ignored "no upstream fix"
+2.6.26-lenny-security: ignored
2.6.8-sarge-security: ignored (2.6.8-16sarge7)
2.4.27-sarge-security: N/A
2.6.15-dapper-security: ignored
Modified: active/CVE-2006-7051
===================================================================
--- active/CVE-2006-7051 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2006-7051 2008-08-27 07:40:07 UTC (rev 1210)
@@ -25,6 +25,7 @@
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "no upstream patch"
2.6.24-etchnhalf-security: ignored "no upstream patch"
+2.6.26-lenny-security: ignored "no upstream patch"
2.6.8-sarge-security: ignored (2.6.8-17sarge1) "no upstream patch"
2.4.27-sarge-security: N/A "No posix-timers.c"
2.6.15-dapper-security: ignore (no upstream patch)
Modified: active/CVE-2007-2480
===================================================================
--- active/CVE-2007-2480 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2007-2480 2008-08-27 07:40:07 UTC (rev 1210)
@@ -15,6 +15,7 @@
linux-2.6: released (2.6.22-1)
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "needs backport"
2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.8-sarge-security: ignored (2.6.8-17sarge1) "needs backport"
2.4.27-sarge-security: ignored (2.4.27-10sarge6) "needs backport if affected"
2.6.15-dapper-security: N/A
Modified: active/CVE-2007-3719
===================================================================
--- active/CVE-2007-3719 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2007-3719 2008-08-27 07:40:07 UTC (rev 1210)
@@ -13,6 +13,7 @@
linux-2.6:
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "no upstream fix"
2.6.24-etchnhalf-security: ignored "low priority/no upstream fix"
+2.6.26-lenny-security: ignored "low priority/no upstream fix"
2.6.8-sarge-security: ignored (2.6.8-17sarge1) "no upstream fix"
2.4.27-sarge-security: ignored (2.4.27-10sarge6) "no upstream fix"
2.6.15-dapper-security: ignored (low priority, no obvious upstream fix)
Modified: active/CVE-2007-3843
===================================================================
--- active/CVE-2007-3843 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2007-3843 2008-08-27 07:40:07 UTC (rev 1210)
@@ -15,6 +15,8 @@
upstream: released (2.6.23-rc1)
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/cifs-fix-sign-settings.patch]
+2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.8-sarge-security: ignore (2.6.8-17sarge1) "code looks substantially different"
2.4.27-sarge-security: N/A "No cifs in 2.4.27"
2.6.15-dapper-security: ignored (code looks substantially different)
Modified: active/CVE-2007-6282
===================================================================
--- active/CVE-2007-6282 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2007-6282 2008-08-27 07:40:07 UTC (rev 1210)
@@ -10,8 +10,9 @@
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security: pending (2.6.18.dfsg.1-22etch1) [bugfix/esp-iv-in-linear-part-of-skb.patch]
-2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.4) [bugfix/esp-iv-in-linear-part-of-skb.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch1) [bugfix/esp-iv-in-linear-part-of-skb.patch]
+2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.4) [bugfix/esp-iv-in-linear-part-of-skb.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: pending
2.6.20-feisty-security: pending
2.6.22-gutsy-security: pending
Modified: active/CVE-2007-6514
===================================================================
--- active/CVE-2007-6514 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2007-6514 2008-08-27 07:40:07 UTC (rev 1210)
@@ -9,6 +9,7 @@
linux-2.6:
2.6.18-etch-security: ignored "no upstream fix"
2.6.24-etchnhalf-security: ignored "no upstream fix"
+2.6.26-lenny-security: ignored "no upstream fix"
2.6.15-dapper-security:
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security:
Modified: active/CVE-2008-0598
===================================================================
--- active/CVE-2008-0598 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-0598 2008-08-27 07:40:07 UTC (rev 1210)
@@ -8,7 +8,7 @@
Notes:
Bugs: 490910
upstream: pending (2.6.27-rc1)
-linux-2.6: needed
+linux-2.6: pending (2.6.26-4) [bugfix/x86-add-copy_user_handle_tail.patch, bugfix/x86-fix-copy_user.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/x86-add-copy_user_handle_tail.patch, bugfix/x86-fix-copy_user.patch, bugfix/x86-wrong-register-was-used-in-align-macro.patch]
2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.5) [bugfix/x86-add-copy_user_handle_tail.patch, bugfix/x86-fix-copy_user.patch, bugfix/x86-wrong-register-was-used-in-align-macro.patch]
2.6.26-lenny-security: needed
Modified: active/CVE-2008-1673
===================================================================
--- active/CVE-2008-1673 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-1673 2008-08-27 07:40:07 UTC (rev 1210)
@@ -17,6 +17,7 @@
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
2.6.24-etchnhalf-security: needed (2.6.24-6~etchnhalf.5) [bugfix/asn1-ber-decoding-checks.patch, bugfix/cifs-fix-compiler-warning.patch, bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: pending
2.6.20-feisty-security: pending
2.6.22-gutsy-security: pending
Modified: active/CVE-2008-2136
===================================================================
--- active/CVE-2008-2136 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2136 2008-08-27 07:40:07 UTC (rev 1210)
@@ -9,6 +9,7 @@
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sit-missing-kfree_skb-on-pskb_may_pull.patch]
2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.3) [bugfix/sit-missing-kfree_skb-on-pskb_may_pull.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: pending
2.6.20-feisty-security: pending
2.6.22-gutsy-security: pending
Modified: active/CVE-2008-2137
===================================================================
--- active/CVE-2008-2137 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2137 2008-08-27 07:40:07 UTC (rev 1210)
@@ -8,6 +8,7 @@
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mmap-va-span-checking.patch, bugfix/sparc-fix-mremap-addr-range-validation.patch]
2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mmap-va-span-checking.patch, bugfix/sparc-fix-mremap-addr-range-validation.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: pending
2.6.20-feisty-security: pending
2.6.22-gutsy-security: pending
Modified: active/CVE-2008-2148
===================================================================
--- active/CVE-2008-2148 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2148 2008-08-27 07:40:07 UTC (rev 1210)
@@ -9,6 +9,7 @@
linux-2.6:
2.6.18-etch-security: N/A
2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.3) [bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: N/A
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: pending
Modified: active/CVE-2008-2358
===================================================================
--- active/CVE-2008-2358 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2358 2008-08-27 07:40:07 UTC (rev 1210)
@@ -13,6 +13,7 @@
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch6) [bugfix/dccp-feature-length-check.patch]
2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: N/A
2.6.20-feisty-security: pending
2.6.22-gutsy-security: pending
Modified: active/CVE-2008-2365
===================================================================
--- active/CVE-2008-2365 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2365 2008-08-27 07:40:07 UTC (rev 1210)
@@ -13,6 +13,7 @@
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2372
===================================================================
--- active/CVE-2008-2372 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2372 2008-08-27 07:40:07 UTC (rev 1210)
@@ -9,6 +9,7 @@
linux-2.6:
2.6.18-etch-security: needed "Maybe... 2.6.18 is before zero page was removed"
2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.4) [bugfix/reinstate-zero_page-optimization-in-get_user_pages-and-fix-xip.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2729
===================================================================
--- active/CVE-2008-2729 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2729 2008-08-27 07:40:07 UTC (rev 1210)
@@ -9,6 +9,7 @@
linux-2.6: N/A
2.6.18-etch-security: pending (2.6.18.dfsg.1-22etch1) [bugfix/amd64-fix-zeroing-on-exception-in-copy_user.patch]
2.6.24-etchnhalf-security: N/A "Fixed upstream before 2.6.24"
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2750
===================================================================
--- active/CVE-2008-2750 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2750 2008-08-27 07:40:07 UTC (rev 1210)
@@ -11,9 +11,10 @@
kees> linux-2.6: 6b6707a50c7598a83820077393f8823ab791abf8
Bugs:
upstream: released (2.6.26-rc6)
-linux-2.6: released (2.6.26-rc6)
+linux-2.6: released (2.6.26-1)
2.6.18-etch-security: N/A "code added after 2.6.18"
2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.4) "bugfix/l2tp-pppol2tp_recvmsg-corruption.patch"
+2.6.26-lenny-security: N/A
2.6.15-dapper-security: N/A
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: N/A
Modified: active/CVE-2008-2812
===================================================================
--- active/CVE-2008-2812 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2812 2008-08-27 07:40:07 UTC (rev 1210)
@@ -6,8 +6,9 @@
Bugs:
upstream: released (2.6.25.10)
linux-2.6: released (2.6.25-7) [bugfix/all/stable/2.6.25.10.patch]
-2.6.18-etch-security: pending (2.6.18.dfsg.1-22etch1) [bugfix/tty-fix-for-tty-operations-bugs.patch]
-2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.4) [bugfix/tty-fix-for-tty-operations-bugs.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch1) [bugfix/tty-fix-for-tty-operations-bugs.patch]
+2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.4) [bugfix/tty-fix-for-tty-operations-bugs.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2826
===================================================================
--- active/CVE-2008-2826 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2826 2008-08-27 07:40:07 UTC (rev 1210)
@@ -7,8 +7,9 @@
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security: pending (2.6.18.dfsg.1-22etch1) [bugfix/sctp-make-sure-n-sizeof-does-not-overflow.patch]
-2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.4) [bugfix/sctp-make-sure-n-sizeof-does-not-overflow.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch1) [bugfix/sctp-make-sure-n-sizeof-does-not-overflow.patch]
+2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.4) [bugfix/sctp-make-sure-n-sizeof-does-not-overflow.patch]
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2931
===================================================================
--- active/CVE-2008-2931 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2931 2008-08-27 07:40:07 UTC (rev 1210)
@@ -8,8 +8,9 @@
Bugs:
upstream: released (2.6.21)
linux-2.6: N/A
-2.6.18-etch-security: pending (2.6.18.dfsg.1-22etch1) [bugfix/check-privileges-before-setting-mount-propagation.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch1) [bugfix/check-privileges-before-setting-mount-propagation.patch]
2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2944
===================================================================
--- active/CVE-2008-2944 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-2944 2008-08-27 07:40:07 UTC (rev 1210)
@@ -2,11 +2,11 @@
Description:
References:
Ubuntu-Description:
-Notes:
+Notes:
Bugs:
upstream:
-linux-2.6:
-2.6.18-etch-security:
+linux-2.6:
+2.6.18-etch-security:
2.6.24-etchnhalf-security:
2.6.26-lenny-security:
2.6.15-dapper-security:
Modified: active/CVE-2008-3077
===================================================================
--- active/CVE-2008-3077 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3077 2008-08-27 07:40:07 UTC (rev 1210)
@@ -3,12 +3,14 @@
References:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=1e9a615bfce7996ea4d815d45d364b47ac6a74e8
Ubuntu-Description:
-Notes:
+Notes:
+ dannf> 2.6.25-specific
Bugs:
upstream: released (2.6.25.10, 2.6.26)
-linux-2.6:
+linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3247
===================================================================
--- active/CVE-2008-3247 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3247 2008-08-27 07:40:07 UTC (rev 1210)
@@ -8,6 +8,7 @@
linux-2.6: released (2.6.25-7)
2.6.18-etch-security: N/A
2.6.24-etchnhalf-security: N/A
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3272
===================================================================
--- active/CVE-2008-3272 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3272 2008-08-27 07:40:07 UTC (rev 1210)
@@ -5,10 +5,10 @@
Notes:
Bugs:
upstream: released (2.6.25.15, 2.6.26.2, 2.6.27-rc2)
-linux-2.6: released (2.6.26-2)
+linux-2.6: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch]
2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.5) [bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3276
===================================================================
--- active/CVE-2008-3276 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3276 2008-08-27 07:40:07 UTC (rev 1210)
@@ -5,11 +5,11 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
-2.6.24-etchnhalf-security:
-2.6.26-lenny-security:
+upstream: released (2.6.26.3)
+linux-2.6: pending (2.6.26-4)
+2.6.18-etch-security: pending (2.6.18.dfsg.1-22etch3) [bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch]
+2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.5) [bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch]
+2.6.26-lenny-security: pending (2.6.26.4) [bugfix/all/stable/2.6.26.3.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3526
===================================================================
--- active/CVE-2008-3526 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3526 2008-08-27 07:40:07 UTC (rev 1210)
@@ -5,11 +5,11 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
+upstream: pending
+linux-2.6: pending (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
+2.6.18-etch-security: N/A "code not present"
2.6.24-etchnhalf-security:
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3535
===================================================================
--- active/CVE-2008-3535 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3535 2008-08-27 07:40:07 UTC (rev 1210)
@@ -5,10 +5,10 @@
Notes:
Bugs:
upstream: released (2.6.25.14, 2.6.26.1)
-linux-2.6: released (2.6.26-2)
+linux-2.6: released (2.6.26-2) [bugfix/all/stable/2.6.26.1.patch]
2.6.18-etch-security: N/A "code not present"
2.6.24-etchnhalf-security:
-2.6.26-lenny-security:
+2.6.26-lenny-security: released (2.6.26-2) [bugfix/all/stable/2.6.26.1.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3792
===================================================================
--- active/CVE-2008-3792 2008-08-26 21:48:20 UTC (rev 1209)
+++ active/CVE-2008-3792 2008-08-27 07:40:07 UTC (rev 1210)
@@ -5,11 +5,11 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
+upstream: pending
+linux-2.6: pending (2.6.26-4) [bugfix/sctp-auth-panics.patch]
+2.6.18-etch-security:
2.6.24-etchnhalf-security:
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-4) [bugfix/sctp-auth-panics.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
More information about the kernel-sec-discuss
mailing list