[kernel-sec-discuss] r2034 - active

Ben Hutchings benh at alioth.debian.org
Sat Nov 20 17:56:10 UTC 2010 

Author: benh
Date: 2010-11-20 17:56:04 +0000 (Sat, 20 Nov 2010)
New Revision: 2034

Modified:
   active/CVE-2010-3859
   active/CVE-2010-3865
   active/CVE-2010-3873
   active/CVE-2010-3877
   active/CVE-2010-4157
Log:
status updates

Modified: active/CVE-2010-3859
===================================================================
--- active/CVE-2010-3859	2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3859	2010-11-20 17:56:04 UTC (rev 2034)
@@ -4,9 +4,10 @@
 Notes:
  jmm> http://marc.info/?l=linux-netdev&m=128770476511716&w=2
  jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
+ bwh> http://article.gmane.org/gmane.linux.kernel/1056407
 Bugs:
-upstream:
+upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
 2.6.32-upstream-stable:
-linux-2.6:
+linux-2.6: released (2.6.32-27)
 2.6.26-lenny-security:
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: released (2.6.32-27)

Modified: active/CVE-2010-3865
===================================================================
--- active/CVE-2010-3865	2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3865	2010-11-20 17:56:04 UTC (rev 2034)
@@ -7,6 +7,8 @@
  jmm> Introduced in 2.6.30
  jmm> Given Linus's comment we should disable CONFIG_RDS for
  jmm> Squeeze
+ bwh> This is probably fixed by the general fixes for CVE-2010-3859.
+ bwh> Auto-loading will be disabled in 2.6.32-28.
 Bugs:
 upstream: released (2.6.37-rc1) [1b1f693d7ad6d193862dcb1118540a030c5e761f]
 2.6.32-upstream-stable:

Modified: active/CVE-2010-3873
===================================================================
--- active/CVE-2010-3873	2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3873	2010-11-20 17:56:04 UTC (rev 2034)
@@ -8,6 +8,6 @@
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: needed "forwarded to stable@ on 2010.11.08"
-linux-2.6: needed
+linux-2.6: pending (2.6.32-28) [bugfix/all/x25-Patch-to-fix-bug-15678-x25-accesses-fields-beyon.patch, bugfix/all/x25-memory-corruption-in-X.25-facilities-parsing.patch]
 2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/x25-fix-field-accesses-beyond-end-of-packet.patch, bugfix/all/x25-fix-memory-corruption-in-facilities-parsing.patch]
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-28) [bugfix/all/x25-Patch-to-fix-bug-15678-x25-accesses-fields-beyon.patch, bugfix/all/x25-memory-corruption-in-X.25-facilities-parsing.patch]

Modified: active/CVE-2010-3877
===================================================================
--- active/CVE-2010-3877	2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-3877	2010-11-20 17:56:04 UTC (rev 2034)
@@ -4,7 +4,7 @@
 References:
 Notes:
 Bugs:
-upstream: needed [a6331d6f9a4298173b413cf99a40cc86a9d92c37]
+upstream: needed [88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed

Modified: active/CVE-2010-4157
===================================================================
--- active/CVE-2010-4157	2010-11-18 15:57:28 UTC (rev 2033)
+++ active/CVE-2010-4157	2010-11-20 17:56:04 UTC (rev 2034)
@@ -4,7 +4,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.37-rc1) [f63ae56e4e97fb12053590e41a4fa59e7daa74a4]
-2.6.32-upstream-stable: needed
+2.6.32-upstream-stable: pending (2.6.32.26-rc1)
 linux-2.6: needed
 2.6.26-lenny-security: needed
 2.6.32-squeeze-security: needed

More information about the kernel-sec-discuss mailing list