[kernel-sec-discuss] r1799 - active retired
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Mar 31 03:08:19 UTC 2010
Author: gilbert-guest
Date: 2010-03-31 03:08:14 +0000 (Wed, 31 Mar 2010)
New Revision: 1799
Added:
active/CVE-2010-1187
retired/CVE-2010-1188
Modified:
active/CVE-2009-4537
Log:
info and new issues
Modified: active/CVE-2009-4537
===================================================================
--- active/CVE-2009-4537 2010-03-27 17:04:40 UTC (rev 1798)
+++ active/CVE-2009-4537 2010-03-31 03:08:14 UTC (rev 1799)
@@ -3,17 +3,13 @@
regression in r8169 driver
References:
http://www.openwall.com/lists/oss-security/2009/12/31/1
+ http://marc.info/?t=126202986900002&r=1&w=2
Notes:
- jmm> No final upstream patch yet, discussion at http://marc.info/?t=126202986900002&r=1&w=2
- gilbert> redhat adopted and shipped the patch proposed at
- http://marc.info/?l=linux-netdev&m=126210110408898&w=2 in all of
- their kernels. it was mentioned partway through the discussion,
- and there weren't any objections to it, but there also weren't
- any approvals either.
- gilbert> patch has still not been accepted upstream as of 20100315, and
- discussion died in early january.
+ any deviation from the default settings opens the hole back up. Ben Hutchings has
+ volunteered to work on a comprehensive fix if someone provides him the hardware. See:
+ http://lkml.org/lkml/2010/3/29/448
Bugs:
-upstream:
+upstream: released (2.6.34-rc3) [c0cd884a]
2.6.32-upstream-stable:
linux-2.6:
2.6.18-etch-security: ignored (EOL)
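Review bot: the three added Notes lines (starting "any deviation from the default settings opens the hole back up") carry no author tag and begin mid-thought, whereas the removed entries were each prefixed with jmm> or gilbert>. With that history deleted, the record no longer says which change closes the hole under default settings. Suggest prefixing the note with its author and naming the fix it refers to, presumably the commit now recorded as c0cd884a on the upstream line. Because the note describes the fix as incomplete for non-default settings, say so next to "upstream: released (2.6.34-rc3)" as well, and fill in the 2.6.32-upstream-stable and linux-2.6 fields, which this revision leaves empty.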
Added: active/CVE-2010-1187
===================================================================
--- active/CVE-2010-1187 (rev 0)
+++ active/CVE-2010-1187 2010-03-31 03:08:14 UTC (rev 1799)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-1187
+Description:
+ tipc oops
+References:
+ http://www.openwall.com/lists/oss-security/2010/03/30/6
+Notes:
+Bugs:
+upstream: released (2.6.34-rc2) [d0021b25]
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
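Review bot: the Description is only "tipc oops" and Notes is empty, so anyone prioritising the four branches marked "needed" has to follow the oss-security link to learn what triggers the oops and who can trigger it. Suggest a one-sentence description naming the affected code path and the trigger condition, plus a short note on whether TIPC is built or enabled in the Debian kernel configurations listed.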
Added: retired/CVE-2010-1188
===================================================================
--- retired/CVE-2010-1188 (rev 0)
+++ retired/CVE-2010-1188 2010-03-31 03:08:14 UTC (rev 1799)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-1188
+Description:
+ ipv6 skb unexpectedly freed
+References:
+ http://www.openwall.com/lists/oss-security/2010/03/30/7
+Notes:
+Bugs:
+upstream: released (2.6.20) [fb7e2399]
+2.6.32-upstream-stable: N/A "fixed before 2.6.32"
+linux-2.6: released (2.6.20-1)
+2.6.26-lenny-security: N/A "fixed before 2.6.26"
+2.6.32-squeeze-security: N/A "fixed before 2.6.32"
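Review bot: the branch list has no 2.6.18-etch-security line, yet the fix is recorded as landing upstream in 2.6.20, so a 2.6.18-based kernel predates it, and the file is added directly under retired/. active/CVE-2009-4537 in this same revision carries "2.6.18-etch-security: ignored (EOL)"; suggest adding the same line here so the retired record accounts for every tracked branch. The empty Notes field could also say why the issue is filed as retired on creation, namely that every listed branch already contains the fix.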