[kernel-sec-discuss] r2042 - active
Dann Frazier
dannf at alioth.debian.org
Sun Nov 21 01:32:39 UTC 2010
Author: dannf
Date: 2010-11-21 01:32:36 +0000 (Sun, 21 Nov 2010)
New Revision: 2042
Modified:
active/CVE-2010-3877
active/CVE-2010-3880
active/CVE-2010-3881
active/CVE-2010-4072
active/CVE-2010-4073
active/CVE-2010-4074
active/CVE-2010-4075
active/CVE-2010-4157
active/CVE-2010-4158
Log:
status updates
Modified: active/CVE-2010-3877
===================================================================
--- active/CVE-2010-3877 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-3877 2010-11-21 01:32:36 UTC (rev 2042)
@@ -4,8 +4,8 @@
References:
Notes:
Bugs:
-upstream: needed [88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52]
+upstream: released (2.6.37-rc2) [88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52]
2.6.32-upstream-stable: needed
linux-2.6: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/net-tipc-fix-information-leak-to-userland.patch]
2.6.32-squeeze-security: needed
Modified: active/CVE-2010-3880
===================================================================
--- active/CVE-2010-3880 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-3880 2010-11-21 01:32:36 UTC (rev 2042)
@@ -5,8 +5,8 @@
Notes:
jmm> 22e76c849d505d87c5ecf3d3e6742a65f0ff4860
Bugs:
-upstream: needed
+upstream: released (2.6.37-rc2) [22e76c8]
2.6.32-upstream-stable: needed
linux-2.6: needed
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/inet_diag-make-sure-we-actually-run-the-same-bytecode-we-audited.patch]
2.6.32-squeeze-security: needed
Modified: active/CVE-2010-3881
===================================================================
--- active/CVE-2010-3881 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-3881 2010-11-21 01:32:36 UTC (rev 2042)
@@ -7,5 +7,5 @@
upstream: needed
2.6.32-upstream-stable: needed
linux-2.6: needed
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "structures didn't exist in lenny (nor in lenny's kvm-source pkg)"
2.6.32-squeeze-security: needed
Modified: active/CVE-2010-4072
===================================================================
--- active/CVE-2010-4072 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-4072 2010-11-21 01:32:36 UTC (rev 2042)
@@ -6,7 +6,7 @@
jmm> 3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44
Bugs:
upstream: released (2.6.37-rc1)
-2.6.32-upstream-stable: needed (stable@ was CCed)
+2.6.32-upstream-stable: needed "stable@ was CCed"
linux-2.6: needed
-2.6.26-lenny-security: needed
-2.6.32-squeeze-security: neededx
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/ipc-shm-fix-information-leak-to-userland.patch]
+2.6.32-squeeze-security: needed
Modified: active/CVE-2010-4073
===================================================================
--- active/CVE-2010-4073 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-4073 2010-11-21 01:32:36 UTC (rev 2042)
@@ -8,5 +8,5 @@
upstream: released (2.6.37-rc1)
2.6.32-upstream-stable: needed (stable@ was CCed)
linux-2.6: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/ipc-initialize-structure-memory-to-zero-for-compat-functions.patch]
2.6.32-squeeze-security: needed
Modified: active/CVE-2010-4074
===================================================================
--- active/CVE-2010-4074 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-4074 2010-11-21 01:32:36 UTC (rev 2042)
@@ -7,5 +7,5 @@
upstream: released (2.6.36)
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/usb-serial-mosfoo-prevent-reading-uninitialized-stack-memory.patch]
2.6.32-squeeze-security: released (2.6.32-24)
Modified: active/CVE-2010-4075
===================================================================
--- active/CVE-2010-4075 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-4075 2010-11-21 01:32:36 UTC (rev 2042)
@@ -7,5 +7,5 @@
upstream: needed
2.6.32-upstream-stable: needed
linux-2.6: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: needed "ABI breaker"
2.6.32-squeeze-security: needed
Modified: active/CVE-2010-4157
===================================================================
--- active/CVE-2010-4157 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-4157 2010-11-21 01:32:36 UTC (rev 2042)
@@ -6,5 +6,5 @@
upstream: released (2.6.37-rc1) [f63ae56e4e97fb12053590e41a4fa59e7daa74a4]
2.6.32-upstream-stable: pending (2.6.32.26-rc1)
linux-2.6: pending (2.6.32-28) [bugfix/all/gdth-integer-overflow-in-ioctl.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/gdth-integer-overflow-in-ioctl.patch]
2.6.32-squeeze-security: pending (2.6.32-28) [bugfix/all/gdth-integer-overflow-in-ioctl.patch]
Modified: active/CVE-2010-4158
===================================================================
--- active/CVE-2010-4158 2010-11-21 00:19:12 UTC (rev 2041)
+++ active/CVE-2010-4158 2010-11-21 01:32:36 UTC (rev 2042)
@@ -6,7 +6,7 @@
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html
Notes:
Bugs:
-upstream: needed
+upstream: released (2.6.37-rc2) [57fe93b374a6b8711995c2d466c502af9f3a08bb]
2.6.32-upstream-stable: needed
linux-2.6: needed
2.6.26-lenny-security: needed
More information about the kernel-sec-discuss
mailing list