[kernel-sec-discuss] r1414 - active

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Jul 6 02:54:55 UTC 2009


Author: gilbert-guest
Date: 2009-07-06 02:54:54 +0000 (Mon, 06 Jul 2009)
New Revision: 1414

Modified:
   active/CVE-2007-6514
   active/CVE-2009-0835
   active/CVE-2009-1242
   active/CVE-2009-1338
   active/CVE-2009-1630
Log:
issue triage


Modified: active/CVE-2007-6514
===================================================================
--- active/CVE-2007-6514	2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2007-6514	2009-07-06 02:54:54 UTC (rev 1414)
@@ -4,6 +4,12 @@
 Ubuntu-Description: 
 Notes: 
  jmm> Needs fixing in smbfs rather than in Apache
+ the attack vector for this one is so obscure: the worst that can
+ happen is disclosure of scripts hosted on an apache server serving
+ those scripts, and only if those scripts are on a windows share.  i'd
+ almost be inclined to say no-dsa for this one (or issue a dsa that
+ says don't host your apache scripts on a windows share).  it's hardly
+ worth worrying about.
 Bugs: 
 upstream: 
 linux-2.6: 
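
Review bot: The added note paragraph starting `+ the attack vector for this one is so obscure:` carries no author tag, while the existing note directly above it is attributed with `jmm>`. Prefix the new text with the writer's handle in the same `name>` style, so it is clear who is proposing no-dsa and that this is a separate opinion from jmm's "Needs fixing in smbfs" remark.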

Modified: active/CVE-2009-0835
===================================================================
--- active/CVE-2009-0835	2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-0835	2009-07-06 02:54:54 UTC (rev 1414)
@@ -23,8 +23,8 @@
  jmm> Dann, what do you think?
  dannf> agreed
 Bugs:
-upstream:
-linux-2.6: needed
+upstream: released (2.6.28.8, 2.6.29) [1ab4bad21786384ff68dc6576d021acd4e42d8ce, 5b1017404aea6d2e552e991b3fd814d839e9cd67]
+linux-2.6: (2.6.29-1)
 2.6.18-etch-security: N/A
 2.6.24-etch-security: N/A
 2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/seccomp-fix-32+64-syscall-hole.patch]
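
Review bot: The new `+linux-2.6: (2.6.29-1)` line has a version but no status word, unlike the `upstream: released (...)` line added just above it and the `2.6.26-lenny-security: released (...)` context line. If the fix is in that upload, write `linux-2.6: released (2.6.29-1)` so the status of the unstable branch is not left ambiguous.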

Modified: active/CVE-2009-1242
===================================================================
--- active/CVE-2009-1242	2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-1242	2009-07-06 02:54:54 UTC (rev 1414)
@@ -17,7 +17,7 @@
 Ubuntu-Description:
 Notes:
 Bugs:
-upstream: released (2.6.29.1)
+upstream: released (2.6.29.1) [16175a796d061833aacfbd9672235f2d2725df65]
 linux-2.6: released (2.6.29-2)
 2.6.18-etch-security: N/A "no KVM"
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/kvm-vmx-inhibit-EFER-access.patch]

Modified: active/CVE-2009-1338
===================================================================
--- active/CVE-2009-1338	2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-1338	2009-07-06 02:54:54 UTC (rev 1414)
@@ -7,7 +7,7 @@
 Ubuntu-Description:
 Notes:
 Bugs:
-upstream: released (2.6.28-rc3)
+upstream: released (2.6.28-rc3) [d25141a818383b3c3b09f065698c544a7a0ec6e7]
 linux-2.6: released (2.6.29-1)
 2.6.18-etch-security: N/A
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch, bugfix/all/pid-extend+fix-pid_vnr.patch]

Modified: active/CVE-2009-1630
===================================================================
--- active/CVE-2009-1630	2009-07-06 02:44:51 UTC (rev 1413)
+++ active/CVE-2009-1630	2009-07-06 02:54:54 UTC (rev 1414)
@@ -11,8 +11,8 @@
 Ubuntu-Description:
 Notes:
 Bugs:
-upstream: pending (2.6.30-rc7) [7ee2cb7f32b299c2b06a31fde155457203e4b7dd]
-linux-2.6:
+upstream: released (2.6.30~rc7) [7ee2cb7f32b299c2b06a31fde155457203e4b7dd]
+linux-2.6: released (2.6.30-1)
 2.6.18-etch-security:
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.8etch2) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
 2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
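
Review bot: The upstream version on the `+upstream:` line changes spelling from `2.6.30-rc7` to `2.6.30~rc7`, while the CVE-2009-1338 file touched in this same revision keeps `upstream: released (2.6.28-rc3)` with a hyphen. Pick one notation for upstream release candidates and use it in both files. The `2.6.18-etch-security:` context line is also still empty after this triage pass; if a status for etch is known, record it here.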



