[kernel-sec-discuss] r1503 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Sat Oct 3 10:48:07 UTC 2009 

Author: jmm
Date: 2009-10-03 10:48:07 +0000 (Sat, 03 Oct 2009)
New Revision: 1503

Modified:
   active/CVE-2009-2844
   active/CVE-2009-3001
   active/CVE-2009-3002
   active/CVE-2009-3043
   active/CVE-2009-3234
   active/CVE-2009-3280
   active/CVE-2009-3288
   active/CVE-2009-3290
Log:
kernel updates


Modified: active/CVE-2009-2844
===================================================================
--- active/CVE-2009-2844	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-2844	2009-10-03 10:48:07 UTC (rev 1503)
@@ -6,7 +6,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.31-rc6)
-linux-2.6: needed
+linux-2.6: released (2.6.30-7)
 2.6.18-etch-security: N/A "Affects >= 2.6.30-rc1"
 2.6.24-etch-security: N/A "Affects >= 2.6.30-rc1"
 2.6.26-lenny-security: N/A "Affects >= 2.6.30-rc1"

Modified: active/CVE-2009-3001
===================================================================
--- active/CVE-2009-3001	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3001	2009-10-03 10:48:07 UTC (rev 1503)
@@ -12,8 +12,8 @@
 Notes:
  gilbert> minor info leak, so not very urgent
 Bugs:
-upstream: pending (2.6.31) [28e9fc592cb8c7a43e4d3147b38be6032a0e81bc]
-linux-2.6: needed
+upstream: released (2.6.31) [28e9fc592cb8c7a43e4d3147b38be6032a0e81bc]
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security: needed
 2.6.24-etch-security: needed
 2.6.26-lenny-security: needed

Modified: active/CVE-2009-3002
===================================================================
--- active/CVE-2009-3002	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3002	2009-10-03 10:48:07 UTC (rev 1503)
@@ -18,8 +18,8 @@
 Notes:
  gilbert> these are just minor info leaks, so not really very urgent
 Bugs:
-upstream: pending (2.6.31) [09384dfc76e526c3993c09c42e016372dc9dd22c,17ac2e9c58b69a1e25460a568eae1b0dc0188c25,80922bbb12a105f858a8f0abb879cb4302d0ecaa,e84b90ae5eb3c112d1f208964df1d8156a538289,f6b97b29513950bfbf621a83d85b6f86b39ec8db]
-linux-2.6: needed
+upstream: released (2.6.31) [09384dfc76e526c3993c09c42e016372dc9dd22c,17ac2e9c58b69a1e25460a568eae1b0dc0188c25,80922bbb12a105f858a8f0abb879cb4302d0ecaa,e84b90ae5eb3c112d1f208964df1d8156a538289,f6b97b29513950bfbf621a83d85b6f86b39ec8db]
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security:
 2.6.24-etch-security:
 2.6.26-lenny-security:

Modified: active/CVE-2009-3043
===================================================================
--- active/CVE-2009-3043	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3043	2009-10-03 10:48:07 UTC (rev 1503)
@@ -14,8 +14,8 @@
 Notes:
  Introduced in commits c65c9bc3 and c8d50041.
 Bugs:
-upstream: pending (2.6.31) [5c58ceff103d8a654f24769bb1baaf84a841b0cc]
-linux-2.6: needed
+upstream: released (2.6.31) [5c58ceff103d8a654f24769bb1baaf84a841b0cc]
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security: N/A "introduced in 2.6.31-rc1"
 2.6.24-etch-security: N/A "introduced in 2.6.31-rc1"
 2.6.26-lenny-security: N/A "introduced in 2.6.31-rc1"

Modified: active/CVE-2009-3234
===================================================================
--- active/CVE-2009-3234	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3234	2009-10-03 10:48:07 UTC (rev 1503)
@@ -10,7 +10,7 @@
  brad spengler has working exploit code for this one, so high-urgency
 Bugs:
 upstream: released (2.6.31.1) [986ddf533c1dd6852196182084aefe1ca9eda34e], pending (2.6.32-rc2) [b3e62e3]
-linux-2.6: N/A "introduced in 2.6.31-rc1; recheck when 2.6.31 enters unstable"
+linux-2.6: 2.6.31-1
 2.6.18-etch-security: N/A "vulnerable code not present"
 2.6.24-etch-security: N/A "vulnerable code not present"
 2.6.26-lenny-security: N/A "vulnerable code not present"

Modified: active/CVE-2009-3280
===================================================================
--- active/CVE-2009-3280	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3280	2009-10-03 10:48:07 UTC (rev 1503)
@@ -6,7 +6,7 @@
 Notes:
 Bugs:
 upstream: pending (2.6.32-rc1) [fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a]
-linux-2.6: needed
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security: N/A "vulnerable code not present"
 2.6.24-etch-security: N/A "vulnerable code not present"
 2.6.26-lenny-security: N/A "vulnerable code not present"

Modified: active/CVE-2009-3288
===================================================================
--- active/CVE-2009-3288	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3288	2009-10-03 10:48:07 UTC (rev 1503)
@@ -10,9 +10,10 @@
  http://www.openwall.com/lists/oss-security/2009/09/03/4
 Ubuntu-Description:
 Notes:
+ jmm> e71044ee2efa4792e21d243b03d49006db66aec9
 Bugs:
-upstream: needed "patch available, but doesn't appear to be commited"
-linux-2.6: needed
+upstream: released (2.6.31.1)
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
 2.6.24-etch-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
 2.6.26-lenny-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.

Modified: active/CVE-2009-3290
===================================================================
--- active/CVE-2009-3290	2009-09-30 16:51:05 UTC (rev 1502)
+++ active/CVE-2009-3290	2009-10-03 10:48:07 UTC (rev 1503)
@@ -20,7 +20,7 @@
  high-urgency
 Bugs:
 upstream: released (2.6.31) [07708c4af1346ab1521b26a202f438366b7bcffd]
-linux-2.6: needed
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security: N/A "introduced in 2.6.25"
 2.6.24-etch-security: N/A "introduced in 2.6.25"
 2.6.26-lenny-security: pending (2.6.26-19lenny1) [bugfix/x86/kvm-disallow-hypercalls-for-guest-callers-in-rings-gt-0.patch]

More information about the kernel-sec-discuss mailing list