[kernel-sec-discuss] r1799 - active retired

Michael Gilbert gilbert-guest at alioth.debian.org
Wed Mar 31 03:08:19 UTC 2010


Author: gilbert-guest
Date: 2010-03-31 03:08:14 +0000 (Wed, 31 Mar 2010)
New Revision: 1799

Added:
   active/CVE-2010-1187
   retired/CVE-2010-1188
Modified:
   active/CVE-2009-4537
Log:
info and new issues

Modified: active/CVE-2009-4537
===================================================================
--- active/CVE-2009-4537	2010-03-27 17:04:40 UTC (rev 1798)
+++ active/CVE-2009-4537	2010-03-31 03:08:14 UTC (rev 1799)
@@ -3,17 +3,13 @@
  regression in r8169 driver
 References:
  http://www.openwall.com/lists/oss-security/2009/12/31/1
+ http://marc.info/?t=126202986900002&r=1&w=2 
 Notes:
- jmm> No final upstream patch yet, discussion at http://marc.info/?t=126202986900002&r=1&w=2 
- gilbert> redhat adopted and shipped the patch proposed at 
-          http://marc.info/?l=linux-netdev&m=126210110408898&w=2 in all of
-          their kernels.  it was mentioned partway through the discussion,
-          and there weren't any objections to it, but there also weren't
-          any approvals either.
- gilbert> patch has still not been accepted upstream as of 20100315, and
-          discussion died in early january.
+ any deviation from the default settings opens the hole back up.  Ben Hutchings has
+ volunteered to work on a comprehensive fix if someone provides him the hardware.  See:
+ http://lkml.org/lkml/2010/3/29/448
 Bugs:
-upstream:
+upstream: released (2.6.34-rc3) [c0cd884a]
 2.6.32-upstream-stable:
 linux-2.6:
 2.6.18-etch-security: ignored (EOL)
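
Review bot: The `2.6.32-upstream-stable:` and `linux-2.6:` lines that follow `upstream: released (2.6.34-rc3) [c0cd884a]` are still empty even though upstream now has a release. Mark them `needed`, as active/CVE-2010-1187 in this same revision does, or record why they are pending. The replacement Notes text also drops the `jmm>` / `gilbert>` author prefixes that the removed lines carried, and "any deviation from the default settings" does not say which settings are meant. Prefix the note with its author and name the setting concerned.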

Added: active/CVE-2010-1187
===================================================================
--- active/CVE-2010-1187	                        (rev 0)
+++ active/CVE-2010-1187	2010-03-31 03:08:14 UTC (rev 1799)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-1187
+Description:
+ tipc oops
+References:
+ http://www.openwall.com/lists/oss-security/2010/03/30/6
+Notes:
+Bugs:
+upstream: released (2.6.34-rc2) [d0021b25]
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
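
Review bot: `Notes:` is empty and the description is only `tipc oops`, while every tracked branch is marked `needed`, so whoever picks up the backport has nothing here about what triggers the oops or who can trigger it. Add a one- or two-line note summarising that from the oss-security reference, with an author prefix as used in the other tracker files.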

Added: retired/CVE-2010-1188
===================================================================
--- retired/CVE-2010-1188	                        (rev 0)
+++ retired/CVE-2010-1188	2010-03-31 03:08:14 UTC (rev 1799)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-1188
+Description:
+ ipv6 skb unexpectedly freed
+References:
+ http://www.openwall.com/lists/oss-security/2010/03/30/7
+Notes:
+Bugs:
+upstream: released (2.6.20) [fb7e2399]
+2.6.32-upstream-stable: N/A "fixed before 2.6.32"
+linux-2.6: released (2.6.20-1)
+2.6.26-lenny-security: N/A "fixed before 2.6.26"
+2.6.32-squeeze-security: N/A "fixed before 2.6.32"
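
Review bot: There is no `2.6.18-etch-security:` line, although 2.6.18 predates the `released (2.6.20)` upstream fix and the file is added directly under retired/ with an empty `Notes:`. active/CVE-2009-4537 in this revision carries `2.6.18-etch-security: ignored (EOL)`. Add the same line here, or a note saying etch is no longer tracked, so the retirement is visibly complete.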



