[kernel-sec-discuss] r1734 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Sun Feb 14 21:15:26 UTC 2010


Author: jmm
Date: 2010-02-14 21:15:03 +0000 (Sun, 14 Feb 2010)
New Revision: 1734

Added:
   retired/CVE-2009-3939
   retired/CVE-2009-4027
Removed:
   active/CVE-2009-3939
   active/CVE-2009-4027
Modified:
   active/CVE-2009-3613
   active/CVE-2009-3620
   active/CVE-2009-3725
   active/CVE-2009-3726
   active/CVE-2009-4005
   active/CVE-2009-4020
   active/CVE-2009-4021
   active/CVE-2009-4141
   active/CVE-2009-4536
   active/CVE-2009-4538
   active/CVE-2010-0003
   active/CVE-2010-0006
Log:
various further updates:
 - record fixes to sid
 - more ignored (EOL) entries for Etch
 - retire two more issues


Modified: active/CVE-2009-3613
===================================================================
--- active/CVE-2009-3613	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-3613	2010-02-14 21:15:03 UTC (rev 1734)
@@ -9,6 +9,6 @@
 Bugs:
 upstream: released (2.6.29) [a866bbf, 97d477a]
 linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-26etch1) "needs port"
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch, bugfix/all/r8169-use-hardware-auto-padding.patch]
 2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/r8169-use-hardware-auto-padding.patch]

Modified: active/CVE-2009-3620
===================================================================
--- active/CVE-2009-3620	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-3620	2010-02-14 21:15:03 UTC (rev 1734)
@@ -9,6 +9,6 @@
 Bugs:
 upstream: released (2.6.32-rc1) [7dc482dfeeeefcfd000d4271c4626937406756d7]
 linux-2.6: released (2.6.32-1) 
-2.6.18-etch-security: needed
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch]
 2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch]

Modified: active/CVE-2009-3725
===================================================================
--- active/CVE-2009-3725	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-3725	2010-02-14 21:15:03 UTC (rev 1734)
@@ -13,5 +13,5 @@
 upstream: released (2.6.32-rc3) [cc44578b5a508889beb8ae3ccd4d2bbdf17bc86c, 98a5783af02f4c9b87b676d7bbda6258045cfc76, 5788c56891cfb310e419c4f9ae20427851797431, 24836479a126e02be691e073c2b6cad7e7ab836a], released (2.6.31.5) [127f1bdba584bc2aa2f910273b6b5701d5bad3ed, 85a79fc56eaee6587d19971b5348261773c1c507, 060425ef1d42f59b9b3faed31406e9e59c7464a0, e1a7338bc0da30633357c84be4df222a1bdbfd99]
 linux-2.6: released (2.6.31-1)
 2.6.18-etch-security: N/A
-2.6.24-etch-security: needed "upstream fix requires API changes"
+2.6.24-etch-security: ignored (EOL)
 2.6.26-lenny-security: needed "upstream fix requires API changes"
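
Review bot: the changed `2.6.24-etch-security` line drops the quoted reason "upstream fix requires API changes", while the unchanged `2.6.26-lenny-security` line directly below still carries it. Keeping the note, as in `2.6.24-etch-security: ignored (EOL) "upstream fix requires API changes"`, preserves why this branch never received the fix. The other files in this revision leave `2.6.24-etch-security` at `pending (2.6.24-6~etchnhalf.9etch2)`, so it is also worth confirming that EOL is the intended status for a 2.6.24 entry here.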

Modified: active/CVE-2009-3726
===================================================================
--- active/CVE-2009-3726	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-3726	2010-02-14 21:15:03 UTC (rev 1734)
@@ -8,6 +8,6 @@
 Bugs:
 upstream: released (2.6.31) [d953126a28f97ec965d23c69fd5795854c048f30]
 linux-2.6: released (2.6.31-1)
-2.6.18-etch-security:
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/nfsv4-buggy-server-oops.patch]
 2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/nfsv4-buggy-server-oops.patch]

Deleted: active/CVE-2009-3939
===================================================================
--- active/CVE-2009-3939	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-3939	2010-02-14 21:15:03 UTC (rev 1734)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-3939
-Description:
- The poll_mode_io file for the megaraid_sas driver in the Linux kernel 
- 2.6.31.6 and earlier has world-writable permissions, which allows local 
- users to change the I/O mode of the driver by modifying this file.
-References:
- http://www.openwall.com/lists/oss-security/2009/11/13/1
-Notes:
- jmm> Introduced in ad84db2e2e1817bb8a29e7c9108eb66bf023d99f
- jmm> Fixed in bb7d3f24c71e528989501617651b669fbed798cb
-Bugs: #562975 (patch available)
-upstream: released (2.6.32.5, 2.6.33-rc4)
-2.6.32-upstream-stable: released (2.6.32.5) [94249e60370f0094831ba673881222252d799257)]
-linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]
-2.6.18-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
-2.6.24-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
-2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch]
-2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]

Modified: active/CVE-2009-4005
===================================================================
--- active/CVE-2009-4005	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4005	2010-02-14 21:15:03 UTC (rev 1734)
@@ -8,7 +8,7 @@
 upstream: released (2.6.32-rc7) [286e633e]
 2.6.31-upstream-stable: N/A
 linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: needed
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
 2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
 2.6.32-squeeze-security: released (2.6.32-1) 

Modified: active/CVE-2009-4020
===================================================================
--- active/CVE-2009-4020	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4020	2010-02-14 21:15:03 UTC (rev 1734)
@@ -8,7 +8,7 @@
 upstream: released (2.6.33-rc1) [ec81aecb]
 2.6.32-upstream-stable: released (2.6.32.2) [037b7867]
 linux-2.6: released (2.6.32-3)
-2.6.18-etch-security: needed
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch2) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
 2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
 2.6.32-squeeze-security: released (2.6.32-3)

Modified: active/CVE-2009-4021
===================================================================
--- active/CVE-2009-4021	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4021	2010-02-14 21:15:03 UTC (rev 1734)
@@ -8,7 +8,7 @@
 Bugs:
 upstream: released (2.6.32-rc7) [f60311d5]
 linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: needed
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
 2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
 2.6.32-squeeze-security: released (2.6.32-1)

Deleted: active/CVE-2009-4027
===================================================================
--- active/CVE-2009-4027	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4027	2010-02-14 21:15:03 UTC (rev 1734)
@@ -1,13 +0,0 @@
-Candidate: CVE-2009-4027
-Description:
- mac80211 issue
-References:
- http://www.openwall.com/lists/oss-security/2009/12/01/2
-Notes:
-Bugs:
-upstream: released (2.6.32) [827d42c9]
-linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: N/A "introduced in 2.6.26 commit d92684e6"
-2.6.24-etch-security: N/A "introduced in 2.6.26 commit d92684e6"
-2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/mac80211-fix-spurious-delBA-handling.patch]
-2.6.32-squeeze-security: released (2.6.32-1)

Modified: active/CVE-2009-4141
===================================================================
--- active/CVE-2009-4141	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4141	2010-02-14 21:15:03 UTC (rev 1734)
@@ -11,9 +11,9 @@
 jmm> Commit 53281b6d
 upstream: released (2.6.32.4)
 2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: pending (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+linux-2.6: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
 2.6.18-etch-security: N/A
 2.6.24-etch-security: N/A
 2.6.26-lenny-security: N/A
-2.6.32-squeeze-security: pending (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
 

Modified: active/CVE-2009-4536
===================================================================
--- active/CVE-2009-4536	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4536	2010-02-14 21:15:03 UTC (rev 1734)
@@ -10,7 +10,7 @@
 upstream: released (2.6.33-rc6) [40a14dea]
 2.6.32-upstream-stable:
 linux-2.6: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
-2.6.18-etch-security:
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
 2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
 2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
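
Review bot: the context line `2.6.32-upstream-stable:` is still empty, although every Debian branch in this entry now has a status. Since the file is being touched anyway, either record a status there or add a note saying the stable tree has not picked up 40a14dea.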

Modified: active/CVE-2009-4538
===================================================================
--- active/CVE-2009-4538	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2009-4538	2010-02-14 21:15:03 UTC (rev 1734)
@@ -10,7 +10,7 @@
 upstream: released (2.6.33-rc6) [b94b5028]
 2.6.32-upstream-stable:
 linux-2.6: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
-2.6.18-etch-security:
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
 2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
 2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
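
Review bot: the patch names in the context lines disagree: `linux-2.6` and `2.6.32-squeeze-security` reference `e1000e-enhance-fragment-detection.patch`, while `2.6.24-etch-security` and `2.6.26-lenny-security` reference `e1000e-enhance-frame-fragment-detection.patch`. If the file names really differ between branches this is fine; otherwise one of them is a typo worth correcting in the same pass.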

Modified: active/CVE-2010-0003
===================================================================
--- active/CVE-2010-0003	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2010-0003	2010-02-14 21:15:03 UTC (rev 1734)
@@ -8,7 +8,7 @@
 upstream: released (2.6.33-rc4) [b45c6e76bc]
 2.6.32-upstream-stable: released (2.6.32.4)
 linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
-2.6.18-etch-security:
+2.6.18-etch-security: ignored (EOL)
 2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
 2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
 2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]

Modified: active/CVE-2010-0006
===================================================================
--- active/CVE-2010-0006	2010-02-14 21:09:08 UTC (rev 1733)
+++ active/CVE-2010-0006	2010-02-14 21:15:03 UTC (rev 1734)
@@ -10,8 +10,8 @@
 Bugs:
 upstream: released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)
 2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: pending (2.6.32-6)
+linux-2.6: released (2.6.32-6)
 2.6.18-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
 2.6.24-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
 2.6.26-lenny-security: N/A "introduced in 2.6.28 commit 483a47d2"
-2.6.32-squeeze-security: pending (2.6.32-6)
+2.6.32-squeeze-security: released (2.6.32-6)
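
Review bot: the two lines flipped to `released (2.6.32-6)` carry no patch reference, unlike the other released entries in this revision (CVE-2010-0003 lists `[bugfix/all/stable/2.6.32.4.patch]`). If the fix arrived through the 2.6.32.4 stable update, add the same bracketed reference. The `upstream:` context line also puts its commit id in parentheses where the other entries use square brackets.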

Copied: retired/CVE-2009-3939 (from rev 1730, active/CVE-2009-3939)
===================================================================
--- retired/CVE-2009-3939	                        (rev 0)
+++ retired/CVE-2009-3939	2010-02-14 21:15:03 UTC (rev 1734)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-3939
+Description:
+ The poll_mode_io file for the megaraid_sas driver in the Linux kernel 
+ 2.6.31.6 and earlier has world-writable permissions, which allows local 
+ users to change the I/O mode of the driver by modifying this file.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/13/1
+Notes:
+ jmm> Introduced in ad84db2e2e1817bb8a29e7c9108eb66bf023d99f
+ jmm> Fixed in bb7d3f24c71e528989501617651b669fbed798cb
+Bugs: #562975 (patch available)
+upstream: released (2.6.32.5, 2.6.33-rc4)
+2.6.32-upstream-stable: released (2.6.32.5) [94249e60370f0094831ba673881222252d799257)]
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]
+2.6.18-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
+2.6.24-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]
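
Review bot: the `2.6.32-upstream-stable` line is copied into the retired file with a stray `)` inside the brackets, `[94249e60370f0094831ba673881222252d799257)]`; drop it so the commit id is well-formed. `Bugs: #562975 (patch available)` also reads as stale now that every branch listed is either released or N/A.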

Copied: retired/CVE-2009-4027 (from rev 1730, active/CVE-2009-4027)
===================================================================
--- retired/CVE-2009-4027	                        (rev 0)
+++ retired/CVE-2009-4027	2010-02-14 21:15:03 UTC (rev 1734)
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-4027
+Description:
+ mac80211 issue
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/01/2
+Notes:
+Bugs:
+upstream: released (2.6.32) [827d42c9]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: N/A "introduced in 2.6.26 commit d92684e6"
+2.6.24-etch-security: N/A "introduced in 2.6.26 commit d92684e6"
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/mac80211-fix-spurious-delBA-handling.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
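
Review bot: the entry is retired with `Description:` still set to the placeholder `mac80211 issue` and an empty `Notes:` field. Replace the description with a short summary taken from the referenced oss-security post before archiving, so the retired record is self-explanatory.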



