[kernel-sec-discuss] r2103 - active

Dann Frazier dannf at alioth.debian.org
Wed Dec 22 07:26:40 UTC 2010 

Author: dannf
Date: 2010-12-22 07:26:29 +0000 (Wed, 22 Dec 2010)
New Revision: 2103

Modified:
   active/CVE-2010-4160
   active/CVE-2010-4161
   active/CVE-2010-4175
Log:
lenny updates

Modified: active/CVE-2010-4160
===================================================================
--- active/CVE-2010-4160	2010-12-17 14:57:38 UTC (rev 2102)
+++ active/CVE-2010-4160	2010-12-22 07:26:29 UTC (rev 2103)
@@ -5,8 +5,8 @@
  jmm> In earlier kernels the code resides in drivers/net/pppol2tp.c
  jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
 Bugs:
-upstream: needed
-2.6.32-upstream-stable:
-linux-2.6:
-2.6.26-lenny-security:
-2.6.32-squeeze-security:
+upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
+2.6.32-upstream-stable: released (2.6.32.27) [3543e68e, f342cb14f]
+linux-2.6: released (2.6.32-27)
+2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-truncate-recvfrom-and-sendto-length-to-INT_MAX.patch, bugfix/all/net-limit-socket-io-iovec-total-length-to-INT_MAX.patch]
+2.6.32-squeeze-security: released (2.6.32-27)

Modified: active/CVE-2010-4161
===================================================================
--- active/CVE-2010-4161	2010-12-17 14:57:38 UTC (rev 2102)
+++ active/CVE-2010-4161	2010-12-22 07:26:29 UTC (rev 2103)
@@ -14,5 +14,5 @@
 upstream: released (2.6.27)
 2.6.32-upstream-stable: N/A
 linux-2.6: released (2.6.28-1)
-2.6.26-lenny-security: 
+2.6.26-lenny-security: N/A "already have rcu protection; reproducer fails"
 2.6.32-squeeze-security: N/A

Modified: active/CVE-2010-4175
===================================================================
--- active/CVE-2010-4175	2010-12-17 14:57:38 UTC (rev 2102)
+++ active/CVE-2010-4175	2010-12-22 07:26:29 UTC (rev 2103)
@@ -7,5 +7,5 @@
 upstream: released (2.6.37-rc3) [218854af84038d828a32f061858b1902ed2beec6]
 2.6.32-upstream-stable: released (2.6.32.27)
 linux-2.6: released (2.6.32-28) [bugfix/all/rds-Integer-overflow-in-RDS-cmsg-handling.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "rds interface was introduced in 2.6.30"
 2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/rds-Integer-overflow-in-RDS-cmsg-handling.patch]

More information about the kernel-sec-discuss mailing list