[kernel-sec-discuss] r1842 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Fri May 28 15:36:10 UTC 2010


Author: jmm
Date: 2010-05-28 15:36:03 +0000 (Fri, 28 May 2010)
New Revision: 1842

Added:
   retired/CVE-2009-4537
   retired/CVE-2010-1437
Removed:
   active/CVE-2009-4537
   active/CVE-2010-1437
Log:
retire two issues


Deleted: active/CVE-2009-4537
===================================================================
--- active/CVE-2009-4537	2010-05-28 15:35:33 UTC (rev 1841)
+++ active/CVE-2009-4537	2010-05-28 15:36:03 UTC (rev 1842)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-4537
-Description:
- regression in r8169 driver
-References:
- http://www.openwall.com/lists/oss-security/2009/12/31/1
- http://marc.info/?t=126202986900002&r=1&w=2 
-Notes:
- the patch for this issue is partial; in the sense that any deviation from the
- default settings opens the hole right back up.  Ben Hutchings has volunteered
- to work on a comprehensive fix if someone provides him the hardware.  see:
- http://lkml.org/lkml/2010/3/29/448
-Bugs:
-upstream: released (2.6.34-rc3) [c0cd884a]
-2.6.32-upstream-stable: needed
-linux-2.6: released (2.6.32-11) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch]
-2.6.26-lenny-security: released (2.6.26-22lenny1) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch, bugfix/all/r8169-offical-fix-for-cve-2009-4537-overlength-frame-dmas.patch]
-2.6.32-squeeze-security: released (2.6.32-11) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch]
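Review bot: The removed active copy carries `2.6.32-upstream-stable: needed`, while the file added under retired/ in this same revision reads `2.6.32-upstream-stable: released (2.6.32.12)`, so this is not a pure move. The log says only "retire two issues". Either mention the status update in the log or commit it to active/ first and move the file afterwards, so the history shows when and why the entry changed.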

Deleted: active/CVE-2010-1437
===================================================================
--- active/CVE-2010-1437	2010-05-28 15:35:33 UTC (rev 1841)
+++ active/CVE-2010-1437	2010-05-28 15:36:03 UTC (rev 1842)
@@ -1,11 +0,0 @@
-Candidate: CVE-2010-1437
-Description: find_keyring_by_name() can gain the freed keyring
-References:
- http://www.openwall.com/lists/oss-security/2010/04/27/2
-Notes:
-Bugs:
-upstream: released (2.6.34-rc6) [03449cd9]
-2.6.32-upstream-stable: released (2.6.32.13)
-linux-2.6: released (2.6.32-13) [bugfix/all/keys-the-request_key-syscall-should-link-an-existing-key-to-the-dest-keyring.patch]
-2.6.26-lenny-security: released (2.6.26-22lenny1)
-2.6.32-squeeze-security: released (2.6.32-13) [bugfix/all/keys-the-request_key-syscall-should-link-an-existing-key-to-the-dest-keyring.patch]

Copied: retired/CVE-2009-4537 (from rev 1840, active/CVE-2009-4537)
===================================================================
--- retired/CVE-2009-4537	                        (rev 0)
+++ retired/CVE-2009-4537	2010-05-28 15:36:03 UTC (rev 1842)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-4537
+Description:
+ regression in r8169 driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+ http://marc.info/?t=126202986900002&r=1&w=2 
+Notes:
+ the patch for this issue is partial; in the sense that any deviation from the
+ default settings opens the hole right back up.  Ben Hutchings has volunteered
+ to work on a comprehensive fix if someone provides him the hardware.  see:
+ http://lkml.org/lkml/2010/3/29/448
+Bugs:
+upstream: released (2.6.34-rc3) [c0cd884a]
+2.6.32-upstream-stable: released (2.6.32.12)
+linux-2.6: released (2.6.32-11) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch]
+2.6.26-lenny-security: released (2.6.26-22lenny1) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch, bugfix/all/r8169-offical-fix-for-cve-2009-4537-overlength-frame-dmas.patch]
+2.6.32-squeeze-security: released (2.6.32-11) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch]
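Review bot: The Notes block still states that the patch is partial and that "any deviation from the default settings opens the hole right back up", yet the entry is being retired. Add a line saying whether the comprehensive fix mentioned there has landed, or why the partial fix is considered sufficient for retirement. The `2.6.32-upstream-stable: released (2.6.32.12)` line also has no commit id in brackets, unlike the `upstream:` line, and the 2.6.32 branches list only net-r8169-improved-rx-length-check-errors.patch where the lenny line lists a second patch as well; a short note on whether that difference is intended would help.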


Property changes on: retired/CVE-2009-4537
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-1437 (from rev 1840, active/CVE-2010-1437)
===================================================================
--- retired/CVE-2010-1437	                        (rev 0)
+++ retired/CVE-2010-1437	2010-05-28 15:36:03 UTC (rev 1842)
@@ -0,0 +1,11 @@
+Candidate: CVE-2010-1437
+Description: find_keyring_by_name() can gain the freed keyring
+References:
+ http://www.openwall.com/lists/oss-security/2010/04/27/2
+Notes:
+Bugs:
+upstream: released (2.6.34-rc6) [03449cd9]
+2.6.32-upstream-stable: released (2.6.32.13)
+linux-2.6: released (2.6.32-13) [bugfix/all/keys-the-request_key-syscall-should-link-an-existing-key-to-the-dest-keyring.patch]
+2.6.26-lenny-security: released (2.6.26-22lenny1)
+2.6.32-squeeze-security: released (2.6.32-13) [bugfix/all/keys-the-request_key-syscall-should-link-an-existing-key-to-the-dest-keyring.patch]
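Review bot: On the `linux-2.6:` and `2.6.32-squeeze-security:` lines, the patch file named (keys-the-request_key-syscall-should-link-an-existing-key-to-the-dest-keyring.patch) does not match the Description, "find_keyring_by_name() can gain the freed keyring". Confirm that this is the patch carrying the fix for this CVE and correct the filename if it is not. The `2.6.26-lenny-security: released (2.6.26-22lenny1)` line names no patch at all; add it so the fix can be traced on that branch once the entry leaves active/.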


Property changes on: retired/CVE-2010-1437
___________________________________________________________________
Added: svn:mergeinfo
   + 



