[kernel-sec-discuss] r1652 - active retired

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Dec 15 03:59:30 UTC 2009


Author: gilbert-guest
Date: 2009-12-15 03:59:30 +0000 (Tue, 15 Dec 2009)
New Revision: 1652

Added:
   retired/CVE-2009-4004
Removed:
   active/CVE-2009-4004
Modified:
   active/CVE-2009-3080
   active/CVE-2009-3620
   active/CVE-2009-4005
   active/CVE-2009-4021
   active/CVE-2009-4031
   active/CVE-2009-4131
Log:
2.6.32-1 has been released; and some issues were fixed in the latest stable upstream releases

Modified: active/CVE-2009-3080
===================================================================
--- active/CVE-2009-3080	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-3080	2009-12-15 03:59:30 UTC (rev 1652)
@@ -6,8 +6,8 @@
 Notes:
 Bugs:
 upstream: released (2.6.32-rc8) [690e7448]
-2.6.31-upstream-stable:
-linux-2.6:
-2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.31-upstream-stable: released (2.6.31.7) [17438898]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: needed
+2.6.24-etch-security: needed
 2.6.26-lenny-security: pending (2.6.26-21) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
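
Review bot: this entry still has no 2.6.32-squeeze-security field, although the CVE-2009-4005 and CVE-2009-4021 entries in this same revision set theirs to 'released (2.6.32-1)'. The hunk ends on the 2.6.26-lenny-security line with only one line of trailing context, so that looks like the last line of the file. If the tracker expects one line per supported branch, add '2.6.32-squeeze-security: released (2.6.32-1)' here to match the new linux-2.6 value.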

Modified: active/CVE-2009-3620
===================================================================
--- active/CVE-2009-3620	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-3620	2009-12-15 03:59:30 UTC (rev 1652)
@@ -8,7 +8,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.32-rc1) [7dc482dfeeeefcfd000d4271c4626937406756d7]
-linux-2.6: needed
-2.6.18-etch-security:
+linux-2.6: released (2.6.32-1) 
+2.6.18-etch-security: needed
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch]
 2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch]
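
Review bot: the added line 'linux-2.6: released (2.6.32-1) ' ends with a trailing space. Drop it, so that anything matching the status field on an exact string or on end-of-line does not treat this entry differently from the same value in CVE-2009-3080.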

Deleted: active/CVE-2009-4004
===================================================================
--- active/CVE-2009-4004	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-4004	2009-12-15 03:59:30 UTC (rev 1652)
@@ -1,15 +0,0 @@
-Candidate: CVE-2009-4004
-Description:
- kernel memory corruption in kvm_vcpu_ioctl_x86_setup_mce
-References:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4004
- http://www.securityfocus.com/bid/37035/info
- http://xorl.wordpress.com/2009/11/17/linux-kernel-kvm-memory-corruption-on-mce-setup/
-Notes:
-Bugs:
-upstream: released (2.6.32-rc7) [a9e38c3e]
-2.6.31-upstream-stable:
-linux-2.6:
-2.6.18-etch-security: N/A "kvm introduced in 2.6.25"
-2.6.24-etch-security: N/A "kvm introduced in 2.6.25"
-2.6.26-lenny-security: N/A "code not present"

Modified: active/CVE-2009-4005
===================================================================
--- active/CVE-2009-4005	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-4005	2009-12-15 03:59:30 UTC (rev 1652)
@@ -7,8 +7,8 @@
 Bugs:
 upstream: released (2.6.32-rc7) [286e633e]
 2.6.31-upstream-stable:
-linux-2.6: released (2.6.32~rc8-1~experimental.1)
-2.6.18-etch-security:
-2.6.24-etch-security:
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: needed
+2.6.24-etch-security: needed
 2.6.26-lenny-security: pending (2.6.26-21) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
-2.6.32-squeeze-security: N/A
+2.6.32-squeeze-security: released (2.6.32-1) 
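
Review bot: '2.6.31-upstream-stable:' is left empty in the context lines while every other branch in this entry now has a state, and the log message says some issues were fixed in the latest stable upstream releases. Record either the stable release that carries 286e633e or 'needed', as was done for CVE-2009-3080 with 'released (2.6.31.7) [17438898]'. The added 2.6.32-squeeze-security line also ends with a trailing space.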

Modified: active/CVE-2009-4021
===================================================================
--- active/CVE-2009-4021	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-4021	2009-12-15 03:59:30 UTC (rev 1652)
@@ -8,8 +8,8 @@
 Bugs:
 upstream: released (2.6.32-rc7) [f60311d5]
 2.6.31-upstream-stable:
-linux-2.6: released (2.6.32~rc8-1~experimental.1)
+linux-2.6: released (2.6.32-1)
 2.6.18-etch-security: needed
 2.6.24-etch-security: needed
 2.6.26-lenny-security: pending (2.6.26-21) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
-2.6.32-squeeze-security: N/A
+2.6.32-squeeze-security: released (2.6.32-1)

Modified: active/CVE-2009-4031
===================================================================
--- active/CVE-2009-4031	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-4031	2009-12-15 03:59:30 UTC (rev 1652)
@@ -6,7 +6,7 @@
  https://bugzilla.redhat.com/show_bug.cgi?id=541160
 Notes:
 Bugs:
-upstream:
+upstream: pending (2.6.33-rc1) [eb3c79e64]
 2.6.31-upstream-stable:
 linux-2.6: needed
 2.6.18-etch-security: N/A "kvm introduced in 2.6.25"
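
Review bot: the commit id on the new upstream line, '[eb3c79e64]', is abbreviated to 9 characters, while the other entries touched in this revision use 8 ('[690e7448]', '[286e633e]') or the full 40-character hash. Pick one length for the tracker, preferably the full hash, so ids can be compared and searched without ambiguity.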

Modified: active/CVE-2009-4131
===================================================================
--- active/CVE-2009-4131	2009-12-15 03:26:27 UTC (rev 1651)
+++ active/CVE-2009-4131	2009-12-15 03:59:30 UTC (rev 1652)
@@ -6,10 +6,11 @@
  https://bugzilla.redhat.com/show_bug.cgi?id=544471
 Notes:
 Bugs:
-upstream:
-2.6.31-upstream-stable:
-linux-2.6:
+upstream: pending (2.6.33-rc1) [4a58579b9e]
+2.6.31-upstream-stable: released (2.6.31.8) [51a88ff8]
+2.6.32-upstream-stable: released (2.6.32.1) [0fd023ec]
+linux-2.6: needed
 2.6.18-etch-security: N/A "introduced in 2.6.31 commit 748de673"
 2.6.24-etch-security: N/A "introduced in 2.6.31 commit 748de673"
 2.6.26-lenny-security: N/A "introduced in 2.6.31 commit 748de673"
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: needed
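
Review bot: the new '2.6.32-upstream-stable:' field appears only in this entry; the other files changed in this revision carry only '2.6.31-upstream-stable:'. If the field list is meant to be uniform, add it to the other active entries in the same change, or note in the log why it is introduced here alone. The upstream id '[4a58579b9e]' is 10 characters where the two stable ids next to it are 8.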

Copied: retired/CVE-2009-4004 (from rev 1651, active/CVE-2009-4004)
===================================================================
--- retired/CVE-2009-4004	                        (rev 0)
+++ retired/CVE-2009-4004	2009-12-15 03:59:30 UTC (rev 1652)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-4004
+Description:
+ kernel memory corruption in kvm_vcpu_ioctl_x86_setup_mce
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4004
+ http://www.securityfocus.com/bid/37035/info
+ http://xorl.wordpress.com/2009/11/17/linux-kernel-kvm-memory-corruption-on-mce-setup/
+Notes:
+Bugs:
+upstream: released (2.6.32-rc7) [a9e38c3e]
+2.6.31-upstream-stable:
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: N/A "kvm introduced in 2.6.25"
+2.6.24-etch-security: N/A "kvm introduced in 2.6.25"
+2.6.26-lenny-security: N/A "code not present"
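
Review bot: the entry is moved to retired/ with '2.6.31-upstream-stable:' still empty, so the retired record does not say whether that branch was fixed, unaffected or deliberately ignored. Fill it in before retiring (a release, 'N/A' with a reason as on the etch and lenny lines, or an explicit ignored state), since nobody is likely to revisit a retired file.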



