[kernel-sec-discuss] r1939 - active

Dann Frazier dannf at alioth.debian.org
Sun Aug 29 20:09:44 UTC 2010 

Author: dannf
Date: 2010-08-29 20:09:40 +0000 (Sun, 29 Aug 2010)
New Revision: 1939

Modified:
   active/CVE-2010-2240
   active/CVE-2010-2524
   active/CVE-2010-2942
   active/CVE-2010-2943
   active/CVE-2010-2946
Log:
various status updates

Modified: active/CVE-2010-2240
===================================================================
--- active/CVE-2010-2240	2010-08-29 18:51:58 UTC (rev 1938)
+++ active/CVE-2010-2240	2010-08-29 20:09:40 UTC (rev 1939)
@@ -5,9 +5,10 @@
  jmm> 2.6.32.20 should have all the fixes, the missing ones compared to the patches used for
  jmm> Lenny were merged in 2008 (7c88db0cb589df980acfb2f73c3595a0653004ec)
  jmm> and 2009 (05fa199d45c54a9bda7aa3ae6537253d6f097aa9)
+ dannf> additional fix needed for hppa/ia64
 Bugs:
-upstream: pending (2.6.36-rc1) [320b2b8, 528f913, 9605456, 05fa199]
-2.6.32-upstream-stable: released (2.6.32.20)
-linux-2.6: released (2.6.32-21) [bugfix/all/stable/2.6.32.19.patch]
-2.6.26-lenny-security: pending (2.6.26-24lenny1) [bugfix/all/mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch, bugfix/all/mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch, bugfix/x86/dont-send-SIGBUS-for-kernel-page-faults.patch, bugfix/all/mm-pass-correct-mm-when-growing-stack.patch, bugfix/all/mm-fix-page-table-unmap-for-stack-guard-page-properly.patch, bugfix/all/proc-fix-vma-display-mismatch-between-proc-pid-maps-smaps.patch, bugfix/all/mm-fix-up-some-user-visible-effects-of-the-stack-guard-page.patch]
-2.6.32-squeeze-security: pending (2.6.32-21) [bugfix/all/stable/2.6.32.20.patch]
+upstream: pending (2.6.36-rc3) [320b2b8, 528f913, 9605456, 05fa199, 8ca3eb0]
+2.6.32-upstream-stable: needed "2.6.32.y still needs 8ca3eb0"
+linux-2.6: needed "needs 8ca3eb0"
+2.6.26-lenny-security: pending (2.6.26-25) [bugfix/all/mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch, bugfix/all/mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch, bugfix/x86/dont-send-SIGBUS-for-kernel-page-faults.patch, bugfix/all/mm-pass-correct-mm-when-growing-stack.patch, bugfix/all/mm-fix-page-table-unmap-for-stack-guard-page-properly.patch, bugfix/all/proc-fix-vma-display-mismatch-between-proc-pid-maps-smaps.patch, bugfix/all/mm-fix-up-some-user-visible-effects-of-the-stack-guard-page.patch, bugfix/all/guard-page-for-stacks-that-grow-upwards.patch]
+2.6.32-squeeze-security: needed "needs 8ca3eb0"

Modified: active/CVE-2010-2524
===================================================================
--- active/CVE-2010-2524	2010-08-29 18:51:58 UTC (rev 1938)
+++ active/CVE-2010-2524	2010-08-29 20:09:40 UTC (rev 1939)
@@ -9,5 +9,5 @@
 upstream: released (2.6.35)
 2.6.32-upstream-stable: released (2.6.32.17) [4ff7ffd]
 linux-2.6: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: needed "needs port - upstream patch depends on newer key api"
 2.6.32-squeeze-security: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]

Modified: active/CVE-2010-2942
===================================================================
--- active/CVE-2010-2942	2010-08-29 18:51:58 UTC (rev 1938)
+++ active/CVE-2010-2942	2010-08-29 20:09:40 UTC (rev 1939)
@@ -7,8 +7,8 @@
  jmm> https://bugzilla.redhat.com/show_bug.cgi?id=624903
 Notes:
 Bugs:
-upstream: needed
+upstream: pending (2.6.36-rc3) [1c40be1]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25) [bugfix/all/net-sched-fix-some-kernel-memory-leaks.patch]
 2.6.32-squeeze-security: needed

Modified: active/CVE-2010-2943
===================================================================
--- active/CVE-2010-2943	2010-08-29 18:51:58 UTC (rev 1938)
+++ active/CVE-2010-2943	2010-08-29 20:09:40 UTC (rev 1939)
@@ -10,5 +10,5 @@
 upstream: release (2.6.35) [7dce11db,7124fe0a,1920779e,7b6259e7]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: needed "issue goes back to when inode chunk delection was added - not sure if that was after .26. need to try test case in http://oss.sgi.com/archives/xfs/2010-06/msg00191.html"
 2.6.32-squeeze-security: needed

Modified: active/CVE-2010-2946
===================================================================
--- active/CVE-2010-2946	2010-08-29 18:51:58 UTC (rev 1938)
+++ active/CVE-2010-2946	2010-08-29 20:09:40 UTC (rev 1939)
@@ -7,5 +7,5 @@
 upstream: released (2.6.36-rc1)
 2.6.32-upstream-stable: released (2.6.32.19)
 linux-2.6: pending (2.6.32-21)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25) [bugfix/all/jfs-dont-allow-os2-xattr-namespace-overlap-with-others.patch]
 2.6.32-squeeze-security: pending (2.6.32-21)

More information about the kernel-sec-discuss mailing list