[kernel-sec-discuss] r2011 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Nov 2 11:17:08 UTC 2010


Author: jmm
Date: 2010-11-02 11:16:59 +0000 (Tue, 02 Nov 2010)
New Revision: 2011

Added:
   active/CVE-2010-3865
Modified:
   active/CVE-2010-3310
   active/CVE-2010-3442
   active/CVE-2010-3858
   active/CVE-2010-4080
   active/CVE-2010-4081
Log:
updates


Modified: active/CVE-2010-3310
===================================================================
--- active/CVE-2010-3310	2010-10-29 14:33:33 UTC (rev 2010)
+++ active/CVE-2010-3310	2010-11-02 11:16:59 UTC (rev 2011)
@@ -8,7 +8,7 @@
  jmm> submitted for 2.6.32.x stable
 Bugs:
 upstream: released (2.6.36-rc6)
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: released (2.6.32.25)
 linux-2.6: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
 2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
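
Review bot: The context line `jmm> submitted for 2.6.32.x stable` at the top of this hunk is stale once `2.6.32-upstream-stable` reads `released (2.6.32.25)`. Consider dropping it or rewording it to say the fix was accepted, so the Notes field does not contradict the status line. `2.6.26-lenny-security` is still `pending (2.6.26-25lenny2)` and is rightly left untouched here.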

Modified: active/CVE-2010-3442
===================================================================
--- active/CVE-2010-3442	2010-10-29 14:33:33 UTC (rev 2010)
+++ active/CVE-2010-3442	2010-11-02 11:16:59 UTC (rev 2011)
@@ -16,8 +16,8 @@
  http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
 Notes:
 Bugs:
-upstream: needed
-2.6.32-upstream-stable: needed
+upstream: released (2.6.36)
+2.6.32-upstream-stable: released (2.6.32.25)
 linux-2.6: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
 2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
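
Review bot: With `upstream:` now `released (2.6.36)`, the only commit reference visible in this hunk still points at the tiwai/sound-2.6.git maintainer tree. Adding the mainline commit id to Notes, as the CVE-2010-3858 file does with a `jmm>` line, would let the released status be checked against the tree it refers to.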

Modified: active/CVE-2010-3858
===================================================================
--- active/CVE-2010-3858	2010-10-29 14:33:33 UTC (rev 2010)
+++ active/CVE-2010-3858	2010-11-02 11:16:59 UTC (rev 2011)
@@ -10,7 +10,7 @@
  jmm> 1b528181b2ffa14721fb28ad1bd539fe1732c583
 Bugs:
 upstream: released (2.6.36)
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: released (2.6.32.25)
 linux-2.6: needed
 2.6.26-lenny-security: needed
 2.6.32-squeeze-security: needed
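
Review bot: After this change `2.6.32-upstream-stable` is `released (2.6.32.25)` while `linux-2.6` and `2.6.32-squeeze-security` stay `needed`, and nothing records how they will be resolved. A one-line note saying whether they are expected to pick the fix up from 2.6.32.25 or need a separate backport of the commit named in the `jmm>` line would help; the CVE-2010-3310 and CVE-2010-3442 files record that with a patch path in brackets.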

Added: active/CVE-2010-3865
===================================================================
--- active/CVE-2010-3865	                        (rev 0)
+++ active/CVE-2010-3865	2010-11-02 11:16:59 UTC (rev 2011)
@@ -0,0 +1,15 @@
+Candidate: CVE-2010-3865
+Description: iovec overflow in rds_rdma_pages()
+References:
+ http://www.spinics.net/lists/netdev/msg145359.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=647461
+Notes:
+ jmm> Introduced in 2.6.30
+ jmm> Given Linus's comment we should disable CONFIG_RDS for
+ jmm> Squeeze
+Bugs:
+upstream: 
+2.6.32-upstream-stable:
+linux-2.6:
+2.6.26-lenny-security: N/A (Vulnerable code not present)
+2.6.32-squeeze-security:
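
Review bot: Four of the five status fields in the new file (`upstream:`, `2.6.32-upstream-stable:`, `linux-2.6:`, `2.6.32-squeeze-security:`) are left empty, and the `upstream: ` line carries trailing whitespace. The other files in this revision use `needed` for an unfixed branch, so an empty value is ambiguous between untriaged and unaffected; set each one explicitly. The note about Linus's comment also does not say which of the two References contains it, and the proposal to disable CONFIG_RDS for Squeeze would be easier to track if it were reflected next to `2.6.32-squeeze-security:`.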

Modified: active/CVE-2010-4080
===================================================================
--- active/CVE-2010-4080	2010-10-29 14:33:33 UTC (rev 2010)
+++ active/CVE-2010-4080	2010-11-02 11:16:59 UTC (rev 2011)
@@ -4,7 +4,7 @@
 Notes: e68d3b316ab7b02a074edc4f770e6a746390cb7d
 Bugs:
 upstream: released (2.6.36)
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: released (2.6.32.25)
 linux-2.6: needed
 2.6.26-lenny-security: needed
 2.6.32-squeeze-security: needed
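
Review bot: The context line `Notes: e68d3b316ab7b02a074edc4f770e6a746390cb7d` puts a bare commit hash on the `Notes:` line itself, whereas the other files in this revision use indented `jmm>` lines under `Notes:`. Moving the hash to an indented, attributed line and naming the tree it belongs to would keep the file consistent with the rest of the tracker.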

Modified: active/CVE-2010-4081
===================================================================
--- active/CVE-2010-4081	2010-10-29 14:33:33 UTC (rev 2010)
+++ active/CVE-2010-4081	2010-11-02 11:16:59 UTC (rev 2011)
@@ -4,7 +4,7 @@
 Notes: e68d3b316ab7b02a074edc4f770e6a746390cb7d
 Bugs:
 upstream: released (2.6.36)
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: released (2.6.32.25)
 linux-2.6: needed
 2.6.26-lenny-security: needed
 2.6.32-squeeze-security: needed
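
Review bot: This hunk is identical to the CVE-2010-4080 one, down to the same hash in `Notes:`. If one commit fixes both issues, say so in Notes and cross-reference CVE-2010-4080, so the `needed` entries for `linux-2.6`, lenny and squeeze are tracked as a single backport rather than two.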



