[kernel-sec-discuss] r2034 - active
Ben Hutchings
benh at alioth.debian.org
Sat Nov 20 17:56:10 UTC 2010
Author: benh
Date: 2010-11-20 17:56:04 +0000 (Sat, 20 Nov 2010)
New Revision: 2034
Modified:
active/CVE-2010-3859
active/CVE-2010-3865
active/CVE-2010-3873
active/CVE-2010-3877
active/CVE-2010-4157
Log:
status updates
Modified: active/CVE-2010-3859
===================================================================
--- active/CVE-2010-3859 2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3859 2010-11-20 17:56:04 UTC (rev 2034)
@@ -4,9 +4,10 @@
Notes:
jmm> http://marc.info/?l=linux-netdev&m=128770476511716&w=2
jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
+ bwh> http://article.gmane.org/gmane.linux.kernel/1056407
Bugs:
-upstream:
+upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
2.6.32-upstream-stable:
-linux-2.6:
+linux-2.6: released (2.6.32-27)
2.6.26-lenny-security:
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: released (2.6.32-27)
Modified: active/CVE-2010-3865
===================================================================
--- active/CVE-2010-3865 2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3865 2010-11-20 17:56:04 UTC (rev 2034)
@@ -7,6 +7,8 @@
jmm> Introduced in 2.6.30
jmm> Given Linus's comment we should disable CONFIG_RDS for
jmm> Squeeze
+ bwh> This is probably fixed by the general fixes for CVE-2010-3859.
+ bwh> Auto-loading will be disabled in 2.6.32-28.
Bugs:
upstream: released (2.6.37-rc1) [1b1f693d7ad6d193862dcb1118540a030c5e761f]
2.6.32-upstream-stable:
Modified: active/CVE-2010-3873
===================================================================
--- active/CVE-2010-3873 2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3873 2010-11-20 17:56:04 UTC (rev 2034)
@@ -8,6 +8,6 @@
Bugs:
upstream: needed
2.6.32-upstream-stable: needed "forwarded to stable@ on 2010.11.08"
-linux-2.6: needed
+linux-2.6: pending (2.6.32-28) [bugfix/all/x25-Patch-to-fix-bug-15678-x25-accesses-fields-beyon.patch, bugfix/all/x25-memory-corruption-in-X.25-facilities-parsing.patch]
2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/x25-fix-field-accesses-beyond-end-of-packet.patch, bugfix/all/x25-fix-memory-corruption-in-facilities-parsing.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-28) [bugfix/all/x25-Patch-to-fix-bug-15678-x25-accesses-fields-beyon.patch, bugfix/all/x25-memory-corruption-in-X.25-facilities-parsing.patch]
Modified: active/CVE-2010-3877
===================================================================
--- active/CVE-2010-3877 2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3877 2010-11-20 17:56:04 UTC (rev 2034)
@@ -4,7 +4,7 @@
References:
Notes:
Bugs:
-upstream: needed [a6331d6f9a4298173b413cf99a40cc86a9d92c37]
+upstream: needed [88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52]
2.6.32-upstream-stable: needed
linux-2.6: needed
2.6.26-lenny-security: needed
Modified: active/CVE-2010-4157
===================================================================
--- active/CVE-2010-4157 2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-4157 2010-11-20 17:56:04 UTC (rev 2034)
@@ -4,7 +4,7 @@
Notes:
Bugs:
upstream: released (2.6.37-rc1) [f63ae56e4e97fb12053590e41a4fa59e7daa74a4]
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: pending (2.6.32.26-rc1)
linux-2.6: needed
2.6.26-lenny-security: needed
2.6.32-squeeze-security: needed
More information about the kernel-sec-discuss
mailing list