[kernel-sec-discuss] r1414 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jul 6 02:54:55 UTC 2009
Author: gilbert-guest
Date: 2009-07-06 02:54:54 +0000 (Mon, 06 Jul 2009)
New Revision: 1414
Modified:
active/CVE-2007-6514
active/CVE-2009-0835
active/CVE-2009-1242
active/CVE-2009-1338
active/CVE-2009-1630
Log:
issue triage
Modified: active/CVE-2007-6514
===================================================================
--- active/CVE-2007-6514 2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2007-6514 2009-07-06 02:54:54 UTC (rev 1414)
@@ -4,6 +4,12 @@
Ubuntu-Description:
Notes:
jmm> Needs fixing in smbfs rather than in Apache
+ the attack vector for this one is so obscure: the worst that can
+ happen is disclosure of scripts hosted on an apache server serving
+ those scripts, and only if those scripts are on a windows share. i'd
+ almost be inclined to say no-dsa for this one (or issue a dsa that
+ says don't host your apache scripts on a windows share). it's hardly
+ worth worrying about.
Bugs:
upstream:
linux-2.6:
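Review bot: The six lines added under Notes: carry no author prefix, so they read as a continuation of the `jmm>` entry directly above them. Prefix the first added line with the committer's handle in the same `name>` form so the no-dsa suggestion can be attributed. The `upstream:` and `linux-2.6:` fields in the trailing context remain empty, so the assessment exists only as free text and the issue still has no recorded state.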
Modified: active/CVE-2009-0835
===================================================================
--- active/CVE-2009-0835 2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-0835 2009-07-06 02:54:54 UTC (rev 1414)
@@ -23,8 +23,8 @@
jmm> Dann, what do you think?
dannf> agreed
Bugs:
-upstream:
-linux-2.6: needed
+upstream: released (2.6.28.8, 2.6.29) [1ab4bad21786384ff68dc6576d021acd4e42d8ce, 5b1017404aea6d2e552e991b3fd814d839e9cd67]
+linux-2.6: (2.6.29-1)
2.6.18-etch-security: N/A
2.6.24-etch-security: N/A
2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/seccomp-fix-32+64-syscall-hole.patch]
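Review bot: The new `linux-2.6: (2.6.29-1)` line has no state keyword: it replaces `needed` with a bare version, while the neighbouring fields all carry a state (`released (...)`, `N/A`). Since the `upstream:` line added in the same hunk records the fix as released in 2.6.29, this should presumably read `linux-2.6: released (2.6.29-1)`; as written, the field can be read neither as fixed nor as still needed.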
Modified: active/CVE-2009-1242
===================================================================
--- active/CVE-2009-1242 2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-1242 2009-07-06 02:54:54 UTC (rev 1414)
@@ -17,7 +17,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream: released (2.6.29.1)
+upstream: released (2.6.29.1) [16175a796d061833aacfbd9672235f2d2725df65]
linux-2.6: released (2.6.29-2)
2.6.18-etch-security: N/A "no KVM"
2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/kvm-vmx-inhibit-EFER-access.patch]
Modified: active/CVE-2009-1338
===================================================================
--- active/CVE-2009-1338 2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-1338 2009-07-06 02:54:54 UTC (rev 1414)
@@ -7,7 +7,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream: released (2.6.28-rc3)
+upstream: released (2.6.28-rc3) [d25141a818383b3c3b09f065698c544a7a0ec6e7]
linux-2.6: released (2.6.29-1)
2.6.18-etch-security: N/A
2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch, bugfix/all/pid-extend+fix-pid_vnr.patch]
Modified: active/CVE-2009-1630
===================================================================
--- active/CVE-2009-1630 2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-1630 2009-07-06 02:54:54 UTC (rev 1414)
@@ -11,8 +11,8 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream: pending (2.6.30-rc7) [7ee2cb7f32b299c2b06a31fde155457203e4b7dd]
-linux-2.6:
+upstream: released (2.6.30~rc7) [7ee2cb7f32b299c2b06a31fde155457203e4b7dd]
+linux-2.6: released (2.6.30-1)
2.6.18-etch-security:
2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch2) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
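Review bot: The `upstream:` line changes the version spelling from `2.6.30-rc7` to `2.6.30~rc7`, while the CVE-2009-1338 change in this same revision keeps `2.6.28-rc3`. Pick one spelling for upstream release candidates so the field stays consistent across issue files. `2.6.18-etch-security:` is also still empty in the trailing context, and `2.6.24-etch-security` remains `pending`; a triage pass is the natural place to give the empty field a state.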