[kernel-sec-discuss] r1627 - retired
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Dec 3 03:15:54 UTC 2009
Author: gilbert-guest
Date: 2009-12-03 03:15:54 +0000 (Thu, 03 Dec 2009)
New Revision: 1627
Modified:
retired/CVE-2004-1191
retired/CVE-2009-3888
Log:
- i was able to track down the patches for CVE-2004-1191
- remark CVE-2009-3888 as unimportant
Modified: retired/CVE-2004-1191
===================================================================
--- retired/CVE-2004-1191 2009-12-02 21:14:39 UTC (rev 1626)
+++ retired/CVE-2004-1191 2009-12-03 03:15:54 UTC (rev 1627)
@@ -6,16 +6,14 @@
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1191
http://www.novell.com/linux/security/advisories/2004_42_kernel.html
- http://xforce.iss.net/xforce/xfdb/18137
+ http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=416e0015fxUJlgXuh_QC32U-2R9eKw
Notes:
- the secure-testing tracker indicates that this was fixed appropriately in all of the
- linux-2.4 kernels released at the time; however, it also says that linux-2.6 needs
- to be checked, which was never done.
- - retiring based on the assumption that it was fixed in sarge's 2.6.8, and that
- hopefully during that timeframe patches were pushed upstream
-Bugs:
-upstream: ignored "unable to find info about defect"
-linux-2.6: ignored "unable to find info about defect"
-2.6.18-etch-security: ignored "unable to find info about defect"
-2.6.24-etch-security: ignored "unable to find info about defect"
-2.6.26-lenny-security: ignored "unable to find info about defect"
+ - i've found the original bug report and bitkeeper patch (see above link)
+ - i have checked that the bitkeeper patch is indeed present in etch's 2.6.18
+ - as of 2.6.26, pgtable.h has been completely rewritten, so it is not affected
+Bugs: 300163
+upstream: released (sometime before 2.6.18)
+linux-2.6: N/A "pgtable.h completely rewritten"
+2.6.18-etch-security: N/A "fixed before 2.6.18"
+2.6.24-etch-security: N/A "fixed before 2.6.18"
+2.6.26-lenny-security: N/A "pgtable.h completely rewritten"
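Review bot: the new `upstream: released (sometime before 2.6.18)` line leaves the fix version unstated, although the added bkbits changeset link identifies the exact patch. The CVE-2009-3888 entry in this same commit records its upstream status as a version plus a commit id in brackets; using that form here, with the changeset revision from the link, would make the status verifiable without following the URL. In the Notes, the 2.6.18 check and the 2.6.26 pgtable.h rewrite are both documented, but nothing says how 2.6.24 was verified, so `2.6.24-etch-security: N/A "fixed before 2.6.18"` rests on inference. A Notes line stating that the patch, or the rewrite, was confirmed in 2.6.24 would close that gap. The xforce reference is also removed rather than kept alongside the new link, which loses a pointer that earlier readers of the entry may have relied on.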
Modified: retired/CVE-2009-3888
===================================================================
--- retired/CVE-2009-3888 2009-12-02 21:14:39 UTC (rev 1626)
+++ retired/CVE-2009-3888 2009-12-03 03:15:54 UTC (rev 1627)
@@ -20,6 +20,6 @@
upstream: released (2.6.32-rc6) [89a8640279f8bb78aaf778d1fc5c4a6778f18064]
2.6.31-upstream-stable: released (2.6.31.6)
linux-2.6: released (2.6.31-2) [bugfix/all/stable/2.6.31.6.patch]
-2.6.18-etch-security: ignored "needs port, only affects system w/o an mmu"
-2.6.24-etch-security: ignored "needs port, only affects system w/o an mmu"
-2.6.26-lenny-security: ignored "needs port, only affects system w/o an mmu"
+2.6.18-etch-security: ignored "unimportant; only affects system w/o an mmu"
+2.6.24-etch-security: ignored "unimportant; only affects system w/o an mmu"
+2.6.26-lenny-security: ignored "unimportant; only affects system w/o an mmu"