[kernel-sec-discuss] r1133 - active
dannf at alioth.debian.org
Thu Feb 14 06:33:39 UTC 2008
Author: dannf
Date: 2008-02-14 06:33:38 +0000 (Thu, 14 Feb 2008)
New Revision: 1133
Modified:
active/CVE-2006-6054
active/CVE-2007-2242
active/CVE-2007-2453
active/CVE-2007-2525
active/CVE-2007-3104
active/CVE-2007-3105
active/CVE-2007-3731
active/CVE-2007-3739
active/CVE-2007-3740
active/CVE-2007-3843
active/CVE-2007-4130
active/CVE-2007-4133
active/CVE-2007-4571
active/CVE-2007-4573
active/CVE-2007-5093
active/CVE-2007-5904
active/CVE-2007-6694
active/CVE-2008-0007
Log:
various debian updates
Modified: active/CVE-2006-6054
===================================================================
--- active/CVE-2006-6054 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2006-6054 2008-02-14 06:33:38 UTC (rev 1133)
@@ -18,7 +18,7 @@
linux-2.6: released (2.6.18.dfsg.1-10) [bugfix/2.6.18.38]
2.6.18-etch-security: released (2.6.18.dfsg.1-10) [bugfix/2.6.16.38]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [ext2-skip-pages-past-num-blocks.dpatch]
-2.4.27-sarge-security: needed (2.4.27-10sarge6) [255_ext2-skip-pages-past-num-blocks.diff] "pending upstream 2.4 acceptance"
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [258_ext2_readdir-f_pos-fix.diff, 259_ext2_readdir-infinite-loop.diff, 260_ext2-skip-pages-past-num-blocks.diff]
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)
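Review bot: on the added 2.4.27-sarge-security line, the prefix 258_ in 258_ext2_readdir-f_pos-fix.diff is also used by 258_usb-pwc-disconnect-block.diff in active/CVE-2007-5093, which is listed against the same 10sarge6 upload. If the numeric prefix sets apply order, renumber one of the two, or correct whichever tracker entry does not match the package. The line also drops the remark "pending upstream 2.4 acceptance" without saying whether upstream accepted the fix; a short remark on that would keep the history. In the unchanged context, linux-2.6 shows [bugfix/2.6.18.38] and 2.6.18-etch-security shows [bugfix/2.6.16.38]; the two disagree and one should be fixed while this file is open.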
Modified: active/CVE-2007-2242
===================================================================
--- active/CVE-2007-2242 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-2242 2008-02-14 06:33:38 UTC (rev 1133)
@@ -25,8 +25,8 @@
upstream: released (2.6.21)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/ipv6-disallow-RH0-by-default.patch]
-2.6.8-sarge-security:
-2.4.27-sarge-security: needed "backport in tree; needs testing/submittal to netdev/willy"
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: needed
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
2.6.20-feisty-security: released (2.6.20-16.28)
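Review bot: the new 2.4.27-sarge-security line drops the remark "backport in tree; needs testing/submittal to netdev/willy", leaving a bare "needed" that no longer tells anyone a backport already exists. Keep the remark unless the backport was abandoned, and in that case say so. The 2.6.8-sarge-security line goes from blank to "needed" with no remark; a pointer to bugfix/ipv6-disallow-RH0-by-default.patch from the etch line as the backport source would help whoever picks it up.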
Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-2453 2008-02-14 06:33:38 UTC (rev 1133)
@@ -20,7 +20,7 @@
upstream: released (2.6.21.4)
linux-2.6: released (2.6.21-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/random-fix-seeding-with-zero-entropy.patch, bugfix/random-fix-error-in-entropy-extraction.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: N/A "2.6.8 uses HASH_TRANSFORM, so I think its N/A"
2.4.27-sarge-security: N/A "Matt Mackall says these don't affect 2.4 (though 2.4 has a number of other issues)"
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39)
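Review bot: the 2.6.8-sarge-security entry is set to N/A on the strength of "I think its N/A", which records a guess as a final status. State the check that was done (why the use of HASH_TRANSFORM makes the two etch patches inapplicable), or keep the entry at needed with this remark until it is confirmed. The 2.4.27 line below it cites a named source for its N/A; this one should carry comparable evidence.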
Modified: active/CVE-2007-2525
===================================================================
--- active/CVE-2007-2525 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-2525 2008-02-14 06:33:38 UTC (rev 1133)
@@ -16,7 +16,7 @@
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/pppoe-socket-release-mem-leak.patch]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [pppoe-socket-release-mem-leak.dpatch]
-2.4.27-sarge-security: needed "Backport sent to Willy Tarreau on 2008.01.21"
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [255_pppoe-socket-release-mem-leak.diff]
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
2.6.20-feisty-security: released (2.6.20-16.31) [168038c2da7f984a07fd169270b2cac561e1c90c]
Modified: active/CVE-2007-3104
===================================================================
--- active/CVE-2007-3104 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-3104 2008-02-14 06:33:38 UTC (rev 1133)
@@ -14,7 +14,7 @@
upstream: released (2.6.22.2)
linux-2.6: released (2.6.22-4)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch5) [bugfix/sysfs_readdir-NULL-deref-1.patch, bugfix/sysfs_readdir-NULL-deref-2.patch, bugfix/sysfs-fix-condition-check.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: needed "code is very different in 2.6.8, if no reproducer, ignore"
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40) [a8c3f241ea411211c4802098f23a8da309e8bbd1]
Modified: active/CVE-2007-3105
===================================================================
--- active/CVE-2007-3105 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-3105 2008-02-14 06:33:38 UTC (rev 1133)
@@ -21,7 +21,7 @@
upstream: released (2.6.21, 2.6.22.3)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/random-bound-check-ordering.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-17sarge2) [random-bound-check-ordering.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40) [f22710043b7d89b496f7910e9c87ed62519dff14]
Modified: active/CVE-2007-3731
===================================================================
--- active/CVE-2007-3731 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-3731 2008-02-14 06:33:38 UTC (rev 1133)
@@ -24,7 +24,7 @@
upstream: released (2.6.23-rc1)
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/ptrace-handle-bogus-selector.patch, bugfix/fixup-trace_irq-breakage.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: needed "code is quite different; need to test reproducer"
2.4.27-sarge-security: N/A "cannot reproduce in 2.4"
2.6.15-dapper-security: released (2.6.15-29.59)
2.6.17-edgy-security: released (2.6.17.1-12.41 17fc2937158a31e501e7e0aae9e3951b9ca49a0a, cd01b60fda15bb9d76eecf9420c989c3248881f6)
Modified: active/CVE-2007-3739
===================================================================
--- active/CVE-2007-3739 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-3739 2008-02-14 06:33:38 UTC (rev 1133)
@@ -24,7 +24,7 @@
upstream: released (2.6.20)
linux-2.6: released (2.6.20)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/prevent-stack-growth-into-hugetlb-region.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-17sarge1) [prevent-stack-growth-into-hugetlb-region.dpatch]
2.4.27-sarge-security: N/A "files/functions non-existant in 2.4"
2.6.15-dapper-security: released (2.6.15-29.59)
2.6.17-edgy-security: released (2.6.17.1-12.41 ae30f170a8c2988179b2b34c7e562f57eb0556bc)
Modified: active/CVE-2007-3740
===================================================================
--- active/CVE-2007-3740 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-3740 2008-02-14 06:33:38 UTC (rev 1133)
@@ -18,7 +18,7 @@
upstream: released (2.6.22-rc5) [3ce53fc4c57603d99c330a6ee2fe96d94f2d350f]
linux-2.6: released (2.6.22-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/cifs-honor-umask.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-17sarge1) [cifs-honor-umask.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.59)
2.6.17-edgy-security: released (2.6.17.1-12.41 79255d92e1277021fc1be8e72897fe6177ab9b67)
Modified: active/CVE-2007-3843
===================================================================
--- active/CVE-2007-3843 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-3843 2008-02-14 06:33:38 UTC (rev 1133)
@@ -15,7 +15,7 @@
upstream: released (2.6.23-rc1)
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/cifs-fix-sign-settings.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: ignore (2.6.8-17sarge1) "code looks substantially different"
2.4.27-sarge-security: N/A "No cifs in 2.4.27"
2.6.15-dapper-security: ignore (code looks substantially different)
2.6.17-edgy-security: ignore (code looks substantially different)
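Review bot: the added 2.6.8-sarge-security line uses the status "ignore", while the entries added to active/CVE-2007-4130 and active/CVE-2007-5904 in this same revision use "ignored"; pick one keyword so a grep or script over the tracker sees a single spelling. The reason is quoted here but parenthesised on the dapper and edgy lines below, so the remark format should be aligned as well. The version (2.6.8-17sarge1) attached to an ignore status also needs a word on what it denotes, since an ignored issue has no fixing upload.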
Modified: active/CVE-2007-4130
===================================================================
--- active/CVE-2007-4130 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-4130 2008-02-14 06:33:38 UTC (rev 1133)
@@ -10,9 +10,9 @@
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.6.18-etch-security: ignored (2.6.18.dfsg.1-18etch2) "no known upstream fix"
+2.6.8-sarge-security: ignored (2.6.8-17sarge2) "no known upstream fix"
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "no known upstream fix"
2.6.15-dapper-security:
2.6.17-edgy-security:
2.6.20-feisty-security:
Modified: active/CVE-2007-4133
===================================================================
--- active/CVE-2007-4133 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-4133 2008-02-14 06:33:38 UTC (rev 1133)
@@ -18,7 +18,7 @@
upstream: released (2.6.19)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-17sarge1) [hugetlb-prio_tree-unit-fix.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: pending (2.6.15-29.61)
2.6.17-edgy-security: released (2.6.17.1-12.42)
Modified: active/CVE-2007-4571
===================================================================
--- active/CVE-2007-4571 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-4571 2008-02-14 06:33:38 UTC (rev 1133)
@@ -17,7 +17,7 @@
upstream: released (2.6.22.8)
linux-2.6: released (2.6.22-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/proc-snd-page-alloc-mem-leak.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: needed "is it reproducible?"
2.4.27-sarge-security: N/A "not in mainline 2.4, but maybe in out-of-tree modules"
2.6.15-dapper-security: deferred
2.6.17-edgy-security: deferred
Modified: active/CVE-2007-4573
===================================================================
--- active/CVE-2007-4573 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-4573 2008-02-14 06:33:38 UTC (rev 1133)
@@ -11,8 +11,8 @@
Bugs:
upstream: released (2.6.22.7)
linux-2.6: released (2.6.22-5)
-2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/amd64-zero-extend-32bit-ptrace.patch]
-2.6.8-sarge-security:
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/amd64-zero-extend-32bit-ptrace.patch, bugfix/amd64-zero-extend-32bit-ptrace-xen.patch]
+2.6.8-sarge-security: pending (2.6.8-17sarge1) [amd64-zero-extend-32bit-ptrace.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.59)
2.6.17-edgy-security: released (2.6.17.1-12.41 bac7adb35e5a3630511249b4f1bbdaff3b574455)
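Review bot: on the 2.6.18-etch-security line, bugfix/amd64-zero-extend-32bit-ptrace-xen.patch is appended to the patch list but the release stays 2.6.18.dfsg.1-13etch4. As written, the entry says both patches were in 13etch4; if the xen variant shipped in a later upload than the original patch, list that version next to it so xen users can tell which package actually carries their fix.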
Modified: active/CVE-2007-5093
===================================================================
--- active/CVE-2007-5093 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-5093 2008-02-14 06:33:38 UTC (rev 1133)
@@ -27,7 +27,7 @@
upstream: released (2.6.22.6)
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-17sarge1) [usb-pwc-disconnect-block.dpatch]
2.4.27-sarge-security: needed (2.4.17-10sarge6) [258_usb-pwc-disconnect-block.diff] "backport sent to upstream (Willy Tarreau) on 2008.02.06"
2.6.15-dapper-security: pending (2.6.15-29.61)
2.6.17-edgy-security: released (2.6.17.1-12.42)
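Review bot: the unchanged 2.4.27-sarge-security line directly under the edit reads (2.4.17-10sarge6), where the other 2.4.27 entries in this revision have 2.4.27-10sarge6; fix the version while touching this file. That line also still says "needed" although it names a patch and a target upload, which is the shape the 2.4.27 entries in active/CVE-2006-6054 and active/CVE-2007-2525 now carry as "pending". Either move it to pending or note why it is held back.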
Modified: active/CVE-2007-5904
===================================================================
--- active/CVE-2007-5904 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-5904 2008-02-14 06:33:38 UTC (rev 1133)
@@ -15,7 +15,7 @@
upstream:
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch5) [bugfix/cifs-better-failed-mount-errors.patch, bugfix/cifs-corrupt-server-response-overflow.patch]
-2.6.8-sarge-security:
+2.6.8-sarge-security: ignored (2.6.8-17sarge2) "needs port if vulnerable"
2.4.27-sarge-security: N/A "No CIFS"
2.6.15-dapper-security:
2.6.17-edgy-security:
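Review bot: the 2.6.8-sarge-security entry is set to "ignored" with the remark "needs port if vulnerable", so the status closes the item while the remark says vulnerability has not been determined. active/CVE-2007-3104 and active/CVE-2007-3731 in this revision use "needed" for the same kind of open question; do the same here, or state why the issue can be ignored for sarge.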
Modified: active/CVE-2007-6694
===================================================================
--- active/CVE-2007-6694 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2007-6694 2008-02-14 06:33:38 UTC (rev 1133)
@@ -14,8 +14,8 @@
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
-2.6.8-sarge-security:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
+2.6.8-sarge-security: pending (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
2.4.27-sarge-security: needed "forwarded to Willy Tarreau on 2008.02.06"
2.6.15-dapper-security:
2.6.17-edgy-security:
Modified: active/CVE-2008-0007
===================================================================
--- active/CVE-2008-0007 2008-02-13 06:11:31 UTC (rev 1132)
+++ active/CVE-2008-0007 2008-02-14 06:33:38 UTC (rev 1133)
@@ -6,7 +6,7 @@
Bugs:
upstream: released (2.6.24.1)
linux-2.6: needed
-2.6.18-etch-security:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-18etch2) [bugfix/mmap-VM_DONTEXPAND.patch]
2.6.24-etchnhalf-security: needed
2.6.8-sarge-security:
2.4.27-sarge-security:
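Review bot: only 2.6.18-etch-security is filled in; 2.6.8-sarge-security and 2.4.27-sarge-security in the trailing context stay blank, although this revision sets a status on the sarge lines of most other files it touches. Add needed or N/A with a remark for both so the blanks are not read as already triaged.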