[kernel-sec-discuss] r1135 - active

dannf at alioth.debian.org dannf at alioth.debian.org
Tue Feb 19 07:02:35 UTC 2008


Author: dannf
Date: 2008-02-19 07:02:35 +0000 (Tue, 19 Feb 2008)
New Revision: 1135

Modified:
   active/CVE-2006-5753
   active/CVE-2007-2172
   active/CVE-2007-2242
   active/CVE-2007-2453
   active/CVE-2007-4308
   active/CVE-2007-5093
   active/CVE-2007-6694
   active/CVE-2008-0007
Log:
sarge status updates

Modified: active/CVE-2006-5753
===================================================================
--- active/CVE-2006-5753	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2006-5753	2008-02-19 07:02:35 UTC (rev 1135)
@@ -19,7 +19,7 @@
 linux-2.6: released (2.6.20-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13) [bugfix/listxattr-mem-corruption.patch]
 2.6.8-sarge-security: released (2.6.8-16sarge7) [listxattr-mem-corruption.dpatch]
-2.4.27-sarge-security: needed "pending upstream 2.4 acceptance"
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [261_listxattr-mem-corruption.diff]
 2.6.12-breezy-security: released (2.6.12-10.43)
 2.6.15-dapper-security: released (2.6.15-28.51)
 2.6.17-edgy-security: released (2.6.17.1-11.35)
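
Review bot: On the 2.4.27-sarge-security line, the removed annotation "pending upstream 2.4 acceptance" is dropped without saying how it was resolved. If 261_listxattr-mem-corruption.diff is being carried ahead of upstream, keep a short quoted note saying so; if upstream took the fix, cite the changeset so the backport can be checked against it.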

Modified: active/CVE-2007-2172
===================================================================
--- active/CVE-2007-2172	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2007-2172	2008-02-19 07:02:35 UTC (rev 1135)
@@ -20,7 +20,7 @@
 linux-2.6: released (2.6.21-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/dn_fib-out-of-bounds.patch, bugfix/ipv4-fib_props-out-of-bounds.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch]
-2.4.27-sarge-security: needed (2.4.27-10sarge6) [246_dn_fib-out-of-bounds.diff] "linux-2.4 changeset 230c62b9e7000cfb407a079a21ad0f077f164b21"
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [246_dn_fib-out-of-bounds.diff, 266_ipv4-fib_props-out-of-bounds.diff]
 2.6.15-dapper-security: released (2.6.15-28.54)
 2.6.17-edgy-security: released (2.6.17.1-11.38)
 2.6.20-feisty-security: released (2.6.20-16.28)
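
Review bot: The 2.4.27-sarge-security line loses its reference to linux-2.4 changeset 230c62b9e7000cfb407a079a21ad0f077f164b21 at the same time as it gains 266_ipv4-fib_props-out-of-bounds.diff. Keep the changeset id in a quoted note for the dn_fib patch and record the origin of the new fib_props patch, so both halves of the fix stay traceable.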

Modified: active/CVE-2007-2242
===================================================================
--- active/CVE-2007-2242	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2007-2242	2008-02-19 07:02:35 UTC (rev 1135)
@@ -21,12 +21,13 @@
  <vlad> dannf: although for the purposes of 2.6.18, the second one might be a no-op and the first one might need to be modified a bit.
  jmm> Contacted Willy
  dannf> functions are different, but 2.4 code looks similar
+ dannf> My 2.4 backport attempt causes a crash at boot time, ignoring for now
 Bugs: 421595
 upstream: released (2.6.21)
 linux-2.6: released (2.6.21-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/ipv6-disallow-RH0-by-default.patch]
 2.6.8-sarge-security: needed
-2.4.27-sarge-security: needed
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "needs port"
 2.6.15-dapper-security: released (2.6.15-29.58)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
 2.6.20-feisty-security: released (2.6.20-16.28)
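
Review bot: The reason "needs port" on the new 2.4.27-sarge-security line does not match the added dannf> note, which says a backport was attempted and crashes at boot. Suggest a reason such as "backport crashes at boot" so someone reading only the status line knows an attempt exists. Note also that 2.6.8-sarge-security is still "needed" with no version, so this CVE stays unfixed on both sarge kernels.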

Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2007-2453	2008-02-19 07:02:35 UTC (rev 1135)
@@ -20,7 +20,7 @@
 upstream: released (2.6.21.4)
 linux-2.6: released (2.6.21-5)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/random-fix-seeding-with-zero-entropy.patch, bugfix/random-fix-error-in-entropy-extraction.patch]
-2.6.8-sarge-security: N/A "2.6.8 uses HASH_TRANSFORM, so I think its N/A"
+2.6.8-sarge-security: pending (2.6.8-17sarge1) [random-fix-seeding-with-zero-entropy.dpatch] "2.6.8 uses HASH_TRANSFORM, so I think its N/A for the hasning issue, but still needs the zero-entropy fix"
 2.4.27-sarge-security: N/A "Matt Mackall says these don't affect 2.4 (though 2.4 has a number of other issues)"
 2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39)
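
Review bot: Typo in the added 2.6.8-sarge-security note: "hasning" should be "hashing", and "its" should be "it's". The quoted string now carries two conclusions at once; consider splitting it so the N/A reasoning for the hashing issue and the need for random-fix-seeding-with-zero-entropy.dpatch read separately.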

Modified: active/CVE-2007-4308
===================================================================
--- active/CVE-2007-4308	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2007-4308	2008-02-19 07:02:35 UTC (rev 1135)
@@ -19,7 +19,7 @@
 linux-2.6: released (2.6.22-4)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/aacraid-ioctl-perm-check.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [aacraid-ioctl-perm-check.dpatch]
-2.4.27-sarge-security: needed "backport sent to upstream 2008.02.03"
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [262_aacraid-ioctl-perm-check.diff]
 2.6.15-dapper-security: released (2.6.15-29.58)
 2.6.17-edgy-security: released (2.6.17.1-12.40)
 2.6.20-feisty-security: released (2.6.20-16.31)

Modified: active/CVE-2007-5093
===================================================================
--- active/CVE-2007-5093	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2007-5093	2008-02-19 07:02:35 UTC (rev 1135)
@@ -28,7 +28,7 @@
 linux-2.6: released (2.6.23-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [usb-pwc-disconnect-block.dpatch]
-2.4.27-sarge-security: needed (2.4.17-10sarge6) [258_usb-pwc-disconnect-block.diff] "backport sent to upstream (Willy Tarreau) on 2008.02.06"
+2.4.27-sarge-security: pending (2.4.17-10sarge6) [263_usb-pwc-disconnect-block.diff]
 2.6.15-dapper-security: pending (2.6.15-29.61)
 2.6.17-edgy-security: released (2.6.17.1-12.42)
 2.6.20-feisty-security: released (2.6.20-16.33)
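
Review bot: The version on the 2.4.27-sarge-security line reads 2.4.17-10sarge6, carried over unchanged from the removed line. Every other 2.4.27-sarge-security entry with a version in this revision uses 2.4.27-10sarge6, so this looks like a typo worth fixing in the same commit. The patch name also changes from 258_ to 263_usb-pwc-disconnect-block.diff with no note explaining the renumbering.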

Modified: active/CVE-2007-6694
===================================================================
--- active/CVE-2007-6694	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2007-6694	2008-02-19 07:02:35 UTC (rev 1135)
@@ -16,7 +16,7 @@
 linux-2.6: 
 2.6.18-etch-security: pending (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
-2.4.27-sarge-security: needed "forwarded to Willy Tarreau on 2008.02.06"
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff]
 2.6.15-dapper-security: 
 2.6.17-edgy-security: 
 2.6.20-feisty-security: 

Modified: active/CVE-2008-0007
===================================================================
--- active/CVE-2008-0007	2008-02-19 06:09:25 UTC (rev 1134)
+++ active/CVE-2008-0007	2008-02-19 07:02:35 UTC (rev 1135)
@@ -9,7 +9,7 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-18etch2) [bugfix/mmap-VM_DONTEXPAND.patch]
 2.6.24-etchnhalf-security: needed
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: pending (2.4.27-10sarge6) [264_mmap-VM_DONTEXPAND.diff]
 2.6.15-dapper-security: 
 2.6.17-edgy-security: 
 2.6.20-feisty-security: 
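
Review bot: 2.6.8-sarge-security is left empty while 2.4.27-sarge-security moves to pending. Since 2.6.18-etch-security already lists bugfix/mmap-VM_DONTEXPAND.patch, record a status for 2.6.8 as well (needed, pending, or N/A with a reason) so the sarge picture for this CVE is complete.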



