[kernel-sec-discuss] r1812 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Apr 17 20:16:24 UTC 2010
Author: gilbert-guest
Date: 2010-04-17 20:16:23 +0000 (Sat, 17 Apr 2010)
New Revision: 1812
Added:
active/CVE-2010-1162
Removed:
active/CVE-2010-tty-forgets-pids
Modified:
active/CVE-2010-0727
active/CVE-2010-1084
active/CVE-2010-thinkpad-dos
Log:
info
Modified: active/CVE-2010-0727
===================================================================
--- active/CVE-2010-0727 2010-04-15 00:22:49 UTC (rev 1811)
+++ active/CVE-2010-0727 2010-04-17 20:16:23 UTC (rev 1812)
@@ -7,8 +7,8 @@
jmm> 720e7749279bde0d08684b1bb4e7a2eedeec6394
jmm> Submitted for 2.6.32.x stable
Bugs:
-upstream: released (2.6.34-rc2)
-2.6.32-upstream-stable: needed
-linux-2.6: needed
+upstream: released (2.6.34-rc2) [720e77492]
+2.6.32-upstream-stable: released (2.6.32.11) [788b99c4]
+linux-2.6: released (2.6.32-11) [bugfix/all/stable/2.6.32.11.patch]
2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: released (2.6.32-11) [bugfix/all/stable/2.6.32.11.patch]
Modified: active/CVE-2010-1084
===================================================================
--- active/CVE-2010-1084 2010-04-15 00:22:49 UTC (rev 1811)
+++ active/CVE-2010-1084 2010-04-17 20:16:23 UTC (rev 1812)
@@ -5,8 +5,8 @@
jmm> 101545f6fef4a0a3ea8daf0b5b880df2c6a92a69
jmm> Submitted for stable at kernel.org
Bugs:
-upstream: needed
-2.6.32-upstream-stable: needed
-linux-2.6: needed
+upstream: released (2.6.34-rc3) [101545f6]
+2.6.32-upstream-stable: released (2.6.32.11) [e1c20f72]
+linux-2.6: released (2.6.32-11) [bugfix/all/stable/2.6.32.11.patch]
2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: released (2.6.32-11) [bugfix/all/stable/2.6.32.11.patch]
Copied: active/CVE-2010-1162 (from rev 1811, active/CVE-2010-tty-forgets-pids)
===================================================================
--- active/CVE-2010-1162 (rev 0)
+++ active/CVE-2010-1162 2010-04-17 20:16:23 UTC (rev 1812)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-1162
+Description:
+ tty: release_one_tty() forgets to put pids
+References:
+ http://www.openwall.com/lists/oss-security/2010/04/14/1
+Notes:
+Bugs:
+upstream: released (2.6.34-rc4) [6da8d866]
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
Modified: active/CVE-2010-thinkpad-dos
===================================================================
--- active/CVE-2010-thinkpad-dos 2010-04-15 00:22:49 UTC (rev 1811)
+++ active/CVE-2010-thinkpad-dos 2010-04-17 20:16:23 UTC (rev 1812)
@@ -4,9 +4,11 @@
References:
http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
Notes:
+ vulnerable ibm_init() code not present in < 2.6.33; would just the
+ addition of the CAP_SYS_ADMIN checks be sufficient?
Bugs:
upstream: released (2.6.34-rc1) [b525c06c]
-2.6.32-upstream-stable:
-linux-2.6:
-2.6.26-lenny-security:
-2.6.32-squeeze-security:
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
Deleted: active/CVE-2010-tty-forgets-pids
===================================================================
--- active/CVE-2010-tty-forgets-pids 2010-04-15 00:22:49 UTC (rev 1811)
+++ active/CVE-2010-tty-forgets-pids 2010-04-17 20:16:23 UTC (rev 1812)
@@ -1,12 +0,0 @@
-Candidate:
-Description:
- tty: release_one_tty() forgets to put pids
-References:
- http://www.openwall.com/lists/oss-security/2010/04/14/1
-Notes:
-Bugs:
-upstream: released (2.6.34-rc4) [6da8d866]
-2.6.32-upstream-stable: needed
-linux-2.6: needed
-2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
More information about the kernel-sec-discuss
mailing list