[kernel-sec-discuss] r1325 - active

Dann Frazier dannf at alioth.debian.org
Mon Apr 6 06:50:57 UTC 2009


Author: dannf
Date: 2009-04-06 06:50:57 +0000 (Mon, 06 Apr 2009)
New Revision: 1325

Modified:
   active/CVE-2008-6107
   active/CVE-2009-0028
   active/CVE-2009-0029
   active/CVE-2009-0675
   active/CVE-2009-0676
   active/CVE-2009-0745
   active/CVE-2009-0746
   active/CVE-2009-0747
   active/CVE-2009-0748
   active/CVE-2009-0787
   active/CVE-2009-0834
   active/CVE-2009-0859
   active/CVE-2009-1046
   active/CVE-2009-1072
Log:
debian updates

Modified: active/CVE-2008-6107
===================================================================
--- active/CVE-2008-6107	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2008-6107	2009-04-06 06:50:57 UTC (rev 1325)
@@ -16,8 +16,8 @@
 Bugs:
 upstream: released (2.6.25.4, 2.6.26)
 linux-2.6: released (2.6.25-4)
-2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
 2.6.26-lenny-security: N/A
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-0028
===================================================================
--- active/CVE-2009-0028	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0028	2009-04-06 06:50:57 UTC (rev 1325)
@@ -16,7 +16,7 @@
 upstream: released (2.6.29-rc8)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security: needed
-2.6.24-etch-security: needed
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
 2.6.26-lenny-security: pending (2.6.26-15lenny1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-0029
===================================================================
--- active/CVE-2009-0029	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0029	2009-04-06 06:50:57 UTC (rev 1325)
@@ -7,7 +7,7 @@
 upstream: released (2.6.29) "needs regression fix d6c178e9694e7e0c7ffe0289cf4389a498cac735, which came after 2.6.29"
 linux-2.6: released (2.6.29-1) "d6c178e9694e7e0c7ffe0289cf4389a498cac735 is queued for 2.6.29-2"
 2.6.18-etch-security: needed
-2.6.24-etch-security: needed
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004pre2-unify-sys_pipe.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, 
bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, 
bugfix/all/CVE-2009-0029/fix-uml-compile.patch, bugfix/all/CVE-2009-0029/compat-zero-upper-32bits-of-offset_high-and-offset_low.patch]
 2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, 
bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch bugfix/mips/fix-llseek-sign-extend-issue.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
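Review bot: the new 2.6.24-etch-security patch list omits bugfix/mips/fix-llseek-sign-extend-issue.patch, which the 2.6.26-lenny-security line carries, and adds compat-zero-upper-32bits-of-offset_high-and-offset_low.patch, which the lenny line does not list. The upstream line says a regression fix (d6c178e9694e7e0c7ffe0289cf4389a498cac735) is needed, so a short quoted remark on the 2.6.24 line stating which patch covers it, or that it is not needed there, would make the entry auditable. The lenny context line is also missing a comma between fix-uml-compile.patch and the mips patch, which will trip anything that splits the list on commas.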

Modified: active/CVE-2009-0675
===================================================================
--- active/CVE-2009-0675	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0675	2009-04-06 06:50:57 UTC (rev 1325)
@@ -21,7 +21,7 @@
 upstream: released (2.6.28.6, 2.6.29-rc4)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
 2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-0676
===================================================================
--- active/CVE-2009-0676	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0676	2009-04-06 06:50:57 UTC (rev 1325)
@@ -19,7 +19,7 @@
 upstream: released (2.6.28.6, 2.6.29-rc5)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
 2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-0745
===================================================================
--- active/CVE-2009-0745	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0745	2009-04-06 06:50:57 UTC (rev 1325)
@@ -23,7 +23,7 @@
 upstream: released (2.6.28.7, 2.6.29-rc4)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security: N/A "code not present"
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch]
 2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-0746
===================================================================
--- active/CVE-2009-0746	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0746	2009-04-06 06:50:57 UTC (rev 1325)
@@ -19,7 +19,7 @@
 upstream: released (2.6.28.7, 2.6.29-rc4)
 linux-2.6: released (2.6.28-1) [bugfix/all/stable/2.6.28.7.patch]
 2.6.18-etch-security: N/A
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24~6etchnhalf.8etch1) [bugfix/all/ext4-add-sanity-check-to-make_indexed_dir.patch]
 2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-check-to-make_indexed_dir.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
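Review bot: the version on the added 2.6.24-etch-security line is written 2.6.24~6etchnhalf.8etch1, while every other 2.6.24 entry in this revision uses 2.6.24-6~etchnhalf.8etch1. As written the string does not match the package version, so a search or script keyed on the version will miss this CVE; suggest correcting it to 2.6.24-6~etchnhalf.8etch1.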

Modified: active/CVE-2009-0747
===================================================================
--- active/CVE-2009-0747	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0747	2009-04-06 06:50:57 UTC (rev 1325)
@@ -21,7 +21,7 @@
 upstream: released (2.6.28.7, 2.6.29-rc4)
 linux-2.6: pending (2.6.28-2) [bugfix/all/stable/2.6.28.7.patch]
 2.6.18-etch-security: N/A
-2.6.24-etch-security:
+2.6.24-etch-security: N/A "code not present"
 2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-0748
===================================================================
--- active/CVE-2009-0748	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0748	2009-04-06 06:50:57 UTC (rev 1325)
@@ -16,7 +16,7 @@
 upstream: released (2.6.28.7, 2.6.29-rc1))
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security: N/A
-2.6.24-etch-security:
+2.6.24-etch-security: ignored "code has changed - likely vulnerable, but not important enough to port"
 2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
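Review bot: the added 2.6.24-etch-security line marks the issue ignored while stating the code is "likely vulnerable", and the only rationale is "not important enough to port". A sentence under Notes on why the exposure is acceptable for 2.6.24 (for example, how ext4 is used in that kernel) would let a later reader judge the decision without redoing the analysis. The upstream context line also has a stray closing parenthesis in "2.6.29-rc1))" that could be fixed while the file is being touched.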

Modified: active/CVE-2009-0787
===================================================================
--- active/CVE-2009-0787	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0787	2009-04-06 06:50:57 UTC (rev 1325)
@@ -10,12 +10,13 @@
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
 Ubuntu-Description:
 Notes:
+ dannf> Supposedly only affects 2.6.28
 Bugs:
 upstream: released (2.6.28.9, 2.6.29)
 linux-2.6: released (2.6.29-1)
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security: pending (2.6.26-15lenny1) [bugfix/all/ecryptfs-allocate-a-variable-number-of-pages-for-file-headers.patch, bugfix/all/ecryptfs-fix-mem-corruption-when-storing-crypto-info-in-xattrs.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
 2.6.24-hardy-security:
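Review bot: the 2.6.26-lenny-security line goes from pending (2.6.26-15lenny1) with two ecryptfs patches to N/A, and the only justification is the added note "Supposedly only affects 2.6.28". That is thin support for withdrawing a queued fix; suggest citing the source of the claim in Notes and stating whether the two patches are being dropped from the 2.6.26-15lenny1 queue or kept as hardening. The 2.6.18 and 2.6.24 lines would also benefit from a quoted reason such as "code not present", as used in other entries.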

Modified: active/CVE-2009-0834
===================================================================
--- active/CVE-2009-0834	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0834	2009-04-06 06:50:57 UTC (rev 1325)
@@ -18,7 +18,7 @@
 upstream: released (2.6.27.20, 2.6.28.8, 2.6.29-rc7)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch]
 2.6.26-lenny-security: pending (2.6.26-15lenny1) [bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
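Review bot: the added 2.6.24-etch-security line records the patch as bugfix/syscall-audit-fix-32+64-syscall-hole.patch, with no subdirectory, while the lenny line has the same patch under bugfix/x86/ and the other 2.6.24 entries in this revision use bugfix/all/. Please confirm the path matches the file in the 2.6.24 tree, since a wrong path makes the fix hard to locate from this record.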

Modified: active/CVE-2009-0859
===================================================================
--- active/CVE-2009-0859	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-0859	2009-04-06 06:50:57 UTC (rev 1325)
@@ -23,7 +23,7 @@
 upstream: released (2.6.29-rc4)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/shm-fix-shmctl(SHM_INFO)-lockup-without-CONFIG_SHMEM.patch]
 2.6.26-lenny-security: pending (2.6.26-15lenny1) [bugfix/all/shm-fix-shmctl(SHM_INFO)-lockup-without-CONFIG_SHMEM.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:

Modified: active/CVE-2009-1046
===================================================================
--- active/CVE-2009-1046	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-1046	2009-04-06 06:50:57 UTC (rev 1325)
@@ -20,7 +20,7 @@
 upstream: released (2.6.28.4, 2.5.29-rc4)
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
 2.6.26-lenny-security: pending (2.6.26-15lenny1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
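Review bot: the upstream context line in this hunk reads "released (2.6.28.4, 2.5.29-rc4)", where 2.5.29-rc4 looks like a typo for 2.6.29-rc4 given the linux-2.6 line below it says 2.6.29-1. It is not part of this change, but it is worth correcting in the same pass so the fixed-in version is not misread.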

Modified: active/CVE-2009-1072
===================================================================
--- active/CVE-2009-1072	2009-04-04 21:42:32 UTC (rev 1324)
+++ active/CVE-2009-1072	2009-04-06 06:50:57 UTC (rev 1325)
@@ -12,11 +12,11 @@
 Ubuntu-Description:
 Notes:
 Bugs:
-upstream: released (2.6.28.9)
+upstream: released (2.6.28.9, 2.6.29)
 linux-2.6: released (2.6.29-1)
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
+2.6.18-etch-security: 
+2.6.24-etch-security: "http://www.openwall.com/lists/oss-security/2009/03/25/2 suggests this doesn't effect 2.6.24 or earlier - but it looks like the code may have just moved from fs/nfsd/auth.c?"
+2.6.26-lenny-security: pending (2.6.26-15lenny1) [bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch]
 2.6.15-dapper-security:
 2.6.22-gutsy-security:
 2.6.24-hardy-security:
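Review bot: the added 2.6.24-etch-security line puts an open question in the status field with no status keyword, so the entry reads as neither needed, pending nor N/A. Suggest leaving the status empty (or "needed" until resolved) and moving the text to Notes with a dannf> prefix, as done for CVE-2009-0787 in this same revision. The 2.6.18-etch-security change only adds trailing whitespace and can be dropped.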



