[kernel-sec-discuss] r1515 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Oct 19 17:09:20 UTC 2009 

Author: jmm
Date: 2009-10-19 17:09:20 +0000 (Mon, 19 Oct 2009)
New Revision: 1515

Modified:
   active/CVE-2008-2137
   active/CVE-2009-1336
   active/CVE-2009-1389
   active/CVE-2009-1439
   active/CVE-2009-1633
   active/CVE-2009-2691
   active/CVE-2009-2908
Log:
various updates for upstream fixes/sid


Modified: active/CVE-2008-2137
===================================================================
--- active/CVE-2008-2137	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2008-2137	2009-10-19 17:09:20 UTC (rev 1515)
@@ -3,9 +3,10 @@
 References: 
 Ubuntu-Description: 
 Notes: 
+ jmm> 5816339310b2d9623cf413d33e538b45e815da5d
 Bugs: 
-upstream: 
-linux-2.6: 
+upstream: released (2.6.26)
+linux-2.6: released (2.6.26-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mmap-va-span-checking.patch, bugfix/sparc-fix-mremap-addr-range-validation.patch]
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mmap-va-span-checking.patch, bugfix/sparc-fix-mremap-addr-range-validation.patch]
 2.6.26-lenny-security: N/A

Modified: active/CVE-2009-1336
===================================================================
--- active/CVE-2009-1336	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2009-1336	2009-10-19 17:09:20 UTC (rev 1515)
@@ -6,7 +6,7 @@
 Ubuntu-Description:
 Notes:
 Bugs:
-upstream:
+upstream: released (2.6.23-1)
 linux-2.6: released (2.6.23-rc9)
 2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/nfs-fix-oops-in-encode_lookup.patch]
 2.6.24-etch-security: N/A

Modified: active/CVE-2009-1389
===================================================================
--- active/CVE-2009-1389	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2009-1389	2009-10-19 17:09:20 UTC (rev 1515)
@@ -3,9 +3,10 @@
 References:
 Ubuntu-Description:
 Notes:
+ jmm> fdd7b4c3302c93f6833e338903ea77245eb510b4
 Bugs: 532376
-upstream:
-linux-2.6:
+upstream: released (2.6.30)
+linux-2.6: released (2.6.30-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
 2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]

Modified: active/CVE-2009-1439
===================================================================
--- active/CVE-2009-1439	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2009-1439	2009-10-19 17:09:20 UTC (rev 1515)
@@ -7,8 +7,8 @@
 Ubuntu-Description:
 Notes:
 Bugs:
-upstream:
-linux-2.6:
+upstream: released (2.6.30)
+linux-2.6: released (2.6.30-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
 2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]

Modified: active/CVE-2009-1633
===================================================================
--- active/CVE-2009-1633	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2009-1633	2009-10-19 17:09:20 UTC (rev 1515)
@@ -8,7 +8,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.30-rc5) [27b87fe52baba0a55e9723030e76fce94fabcea4, 7b0c8fcff47a885743125dd843db64af41af5a61, 968460ebd8006d55661dec0fb86712b40d71c413]
-linux-2.6:
+linux-2.6: released (2.6.30-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/cifs-fix-oops-when-windows-server-sent-bad-domain-name-null-terminator.patch, bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch] "bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch not applied - affected code not present"
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch] "bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch not applied - affected code not present"
 2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch, bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch]

Modified: active/CVE-2009-2691
===================================================================
--- active/CVE-2009-2691	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2009-2691	2009-10-19 17:09:20 UTC (rev 1515)
@@ -10,7 +10,7 @@
          construct that didn't exist until after 2.6.27
 Bugs:
 upstream: released (2.6.31-rc6) [13f0fea, 00f89d2, 704b836]
-linux-2.6:
+linux-2.6: pending (2.6.31-1)
 2.6.18-etch-security: ignored (2.6.18.dfsg.1-24etch4) "needs port"
 2.6.24-etch-security:
 2.6.26-lenny-security: ignored (2.6.26-19) "needs port"

Modified: active/CVE-2009-2908
===================================================================
--- active/CVE-2009-2908	2009-10-19 01:28:41 UTC (rev 1514)
+++ active/CVE-2009-2908	2009-10-19 17:09:20 UTC (rev 1515)
@@ -10,9 +10,10 @@
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=afc2b6932f48f200736d3e36ad66fee0ec733136
  https://bugzilla.redhat.com/show_bug.cgi?id=527534
 Notes:
+ jmm> Introduced in 2.6.19
 Bugs:
 upstream: released (2.6.31.2) [afc2b6932f48f200736d3e36ad66fee0ec733136], pending (2.6.32-rc3) [9c2d2056647790c5034d722bd24e9d913ebca73c]
 linux-2.6: needed
-2.6.18-etch-security:
+2.6.18-etch-security: N/A
 2.6.24-etch-security:
 2.6.26-lenny-security: pending (2.6.26-19lenny1) [bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch]

More information about the kernel-sec-discuss mailing list