[kernel-sec-discuss] r1120 - active
dannf at alioth.debian.org
Mon Feb 4 17:33:37 UTC 2008
Author: dannf
Date: 2008-02-04 17:33:37 +0000 (Mon, 04 Feb 2008)
New Revision: 1120
Modified:
active/CVE-2005-0977
active/CVE-2005-1265
active/CVE-2006-0558
active/CVE-2007-2480
active/CVE-2007-3719
Log:
ignore a number of 2.4 issues
Modified: active/CVE-2005-0977
===================================================================
--- active/CVE-2005-0977 2008-02-04 17:31:48 UTC (rev 1119)
+++ active/CVE-2005-0977 2008-02-04 17:33:37 UTC (rev 1120)
@@ -17,6 +17,6 @@
upstream: released (2.6.11)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "need porting help"
2.6.18-etch-security: N/A
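Review bot: the new reason on the 2.4.27-sarge-security line, "need porting help", does not say what needs porting or whether 2.4.27 was confirmed affected. The 2.6.8-sarge-security line just above names mm-shmem-truncate.dpatch; pointing at that patch in the reason or in a Notes entry would tell a volunteer where to start.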
Modified: active/CVE-2005-1265
===================================================================
--- active/CVE-2005-1265 2008-02-04 17:31:48 UTC (rev 1119)
+++ active/CVE-2005-1265 2008-02-04 17:33:37 UTC (rev 1120)
@@ -6,10 +6,9 @@
to cause a denial of service (kernel crash)
Notes:
jmm> I've pulled the patch by Linus from the above-mentioned Ubuntu advisory
- dannf> Code is very different in 2.4; dunno if its vulnerable
Bugs:
upstream: released (2.6.12)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16sarge1) [mm-mmap-range-test.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "not sure if it affects 2.4 - code is very different; need porting help"
2.6.18-etch-security: N/A
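Review bot: the dannf> entry is dropped from Notes and its content folded into the quoted reason on the 2.4.27-sarge-security line, which leaves a status of ignored for an issue whose applicability to 2.4 is, by the reason's own wording, undetermined. Consider keeping the Notes entry with its attribution and shortening the reason, so the status field stays easy to scan and the open question remains visible where triage notes are read.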
Modified: active/CVE-2006-0558
===================================================================
--- active/CVE-2006-0558 2008-02-04 17:31:48 UTC (rev 1119)
+++ active/CVE-2006-0558 2008-02-04 17:33:37 UTC (rev 1120)
@@ -20,6 +20,6 @@
Bugs: 365375
upstream: released (2.6.16)
linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.6.8-sarge-security: released (2.6.8-16sarge3) [perfmon-exit-race.dpatch]
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "need porting help"
2.6.18-etch-security: N/A
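Review bot: the 2.6.8-sarge-security line gains [perfmon-exit-race.dpatch], which is not a 2.4 change and is not covered by the log message "ignore a number of 2.4 issues". Mention the patch-name addition in the log, or commit it separately, so the revision history explains why the 2.6.8 line changed.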
Modified: active/CVE-2007-2480
===================================================================
--- active/CVE-2007-2480 2008-02-04 17:31:48 UTC (rev 1119)
+++ active/CVE-2007-2480 2008-02-04 17:33:37 UTC (rev 1120)
@@ -15,7 +15,7 @@
linux-2.6: released (2.6.22-1)
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "needs backport"
2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "needs backport if affected"
2.6.15-dapper-security: needed (needs backporting)
2.6.17-edgy-security: needed (needs backporting)
2.6.20-feisty-security: needed
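Review bot: on the 2.4.27-sarge-security line the reason "needs backport if affected" records that affectedness on 2.4.27 has not been checked, and 2.6.8-sarge-security directly above is still empty. If the sarge 2.6.8 kernel is in the same state, fill it in with this change. The other files in this revision use "need porting help" for what looks like the same situation, so settling on one wording would make the tracker easier to grep.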
Modified: active/CVE-2007-3719
===================================================================
--- active/CVE-2007-3719 2008-02-04 17:31:48 UTC (rev 1119)
+++ active/CVE-2007-3719 2008-02-04 17:33:37 UTC (rev 1120)
@@ -13,7 +13,7 @@
linux-2.6:
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "no upstream fix"
2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "no upstream fix"
2.6.15-dapper-security: ignore (low priority, no obvious upstream fix)
2.6.17-edgy-security: ignore (low priority, no obvious upstream fix)
2.6.20-feisty-security: ignore (low priority, no obvious upstream fix)
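Review bot: 2.6.8-sarge-security stays empty while 2.4.27-sarge-security and 2.6.18-etch-security both carry ignored with "no upstream fix". If the same reasoning applies to the sarge 2.6.8 kernel, set it here too; otherwise the file still reads as untriaged for that release.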