[kernel-sec-discuss] r1997 - active
Dann Frazier
dannf at alioth.debian.org
Mon Oct 25 02:18:44 UTC 2010
Author: dannf
Date: 2010-10-25 02:18:41 +0000 (Mon, 25 Oct 2010)
New Revision: 1997
Modified:
active/CVE-2010-3067
active/CVE-2010-3084
active/CVE-2010-3296
active/CVE-2010-3297
active/CVE-2010-3310
active/CVE-2010-3432
active/CVE-2010-3437
active/CVE-2010-3442
active/CVE-2010-3448
active/CVE-2010-3705
Log:
various updates
Modified: active/CVE-2010-3067
===================================================================
--- active/CVE-2010-3067 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3067 2010-10-25 02:18:41 UTC (rev 1997)
@@ -1,4 +1,4 @@
-Candidate: cve-2010-3067
+Candidate: CVE-2010-3067
Description: fs/aio.c integer overflow
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
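Review bot: The Candidate line case fix (cve-2010-3067 to CVE-2010-3067) is a format normalization mixed into a status-update revision whose log message says only "various updates". Mention the normalization in the log, or commit it separately, so anyone searching the history for why the Candidate field changed can find it.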
@@ -7,5 +7,5 @@
upstream: released (2.6.36-rc5) [75e1c70f]
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/aio-check-for-multiplication-overflow-in-do_io_submit.patch]
2.6.32-squeeze-security: released (2.6.32-24)
Modified: active/CVE-2010-3084
===================================================================
--- active/CVE-2010-3084 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3084 2010-10-25 02:18:41 UTC (rev 1997)
@@ -8,5 +8,5 @@
upstream: released (2.6.36-rc4)
2.6.32-upstream-stable:
linux-2.6: released (2.6.32-25) [bugfix/all/niu-fix-kernel-buffer-overflow-for-ETHTOOL_GRXCLSRLALL.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "vulnerable code not added until 2d96cf8 in 2.6.30"
2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/niu-fix-kernel-buffer-overflow-for-ETHTOOL_GRXCLSRLALL.patch]
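Review bot: The 2.6.32-upstream-stable field in the context above the changed line is still blank after this revision, although the new N/A note places the vulnerable code in 2.6.30 and both linux-2.6 and squeeze needed the niu patch on 2.6.32. Since the file is being touched anyway, give that field an explicit state (for example "needed") so the 2.6.32.y status is not left unassessed.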
Modified: active/CVE-2010-3296
===================================================================
--- active/CVE-2010-3296 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3296 2010-10-25 02:18:41 UTC (rev 1997)
@@ -8,5 +8,5 @@
upstream: released (2.6.36-rc5)
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/cxgb3-prevent-reading-uninitialized-stack-memory.patch]
2.6.32-squeeze-security: released (2.6.32-24)
Modified: active/CVE-2010-3297
===================================================================
--- active/CVE-2010-3297 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3297 2010-10-25 02:18:41 UTC (rev 1997)
@@ -1,4 +1,4 @@
-Candidate: cve-2010-3297
+Candidate: CVE-2010-3297
Description: drivers/net/eql.c: reading uninitialized stack memory
References:
https://bugzilla.redhat.com/633145
@@ -8,5 +8,5 @@
upstream: released (2.6.36-rc5)
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch]
2.6.32-squeeze-security: released (2.6.32-24)
Modified: active/CVE-2010-3310
===================================================================
--- active/CVE-2010-3310 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3310 2010-10-25 02:18:41 UTC (rev 1997)
@@ -10,5 +10,5 @@
upstream: released (2.6.36-rc6)
2.6.32-upstream-stable: needed
linux-2.6: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
Modified: active/CVE-2010-3432
===================================================================
--- active/CVE-2010-3432 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3432 2010-10-25 02:18:41 UTC (rev 1997)
@@ -11,5 +11,5 @@
upstream: released (2.6.36-rc5)
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/sctp-do-not-reset-the-packet-during-sctp_packet_config.patch]
2.6.32-squeeze-security: released (2.6.32-24)
Modified: active/CVE-2010-3437
===================================================================
--- active/CVE-2010-3437 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3437 2010-10-25 02:18:41 UTC (rev 1997)
@@ -23,5 +23,5 @@
upstream: released (2.6.36-rc6)
2.6.32-upstream-stable: needed
linux-2.6: released (2.6.32-25) [bugfix/all/fix-pktcdvd-ioctl-dev_minor-range-check.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/fix-pktcdvd-ioctl-dev_minor-range-check.patch]
2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/fix-pktcdvd-ioctl-dev_minor-range-check.patch]
Modified: active/CVE-2010-3442
===================================================================
--- active/CVE-2010-3442 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3442 2010-10-25 02:18:41 UTC (rev 1997)
@@ -19,5 +19,5 @@
upstream: needed
2.6.32-upstream-stable: needed
linux-2.6: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
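Review bot: The lenny line now queues alsa-prevent-heap-corruption-in-snd_ctl_new.patch while upstream and 2.6.32-upstream-stable both still read "needed", and the visible lines do not say where the patch text was taken from. Record its origin next to the status (list post or tree commit) so the backport can be compared against whatever eventually lands upstream.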
Modified: active/CVE-2010-3448
===================================================================
--- active/CVE-2010-3448 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3448 2010-10-25 02:18:41 UTC (rev 1997)
@@ -7,5 +7,5 @@
upstream: released (2.6.34)
2.6.32-upstream-stable: released (2.6.32.12)
linux-2.6: released (2.6.32-12)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/x86/thinkpad-acpi-lock-down-video-output-state-access.patch]
2.6.32-squeeze-security: released (2.6.32-12)
Modified: active/CVE-2010-3705
===================================================================
--- active/CVE-2010-3705 2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3705 2010-10-25 02:18:41 UTC (rev 1997)
@@ -9,5 +9,5 @@
upstream: needed
2.6.32-upstream-stable: needed
linux-2.6: released (2.6.32-25) [bugfix/all/sctp-fix-out-of-bounds-reading-in-sctp_assoc_get_hmac.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/sctp-fix-out-of-bounds-reading-in-sctp_asoc_get_hmac.patch]
2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/sctp-fix-out-of-bounds-reading-in-sctp_assoc_get_hmac.patch]
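Review bot: The patch name on the added lenny line is spelled "sctp_asoc_get_hmac", while the linux-2.6 and squeeze lines in the same hunk use "sctp_assoc_get_hmac". Confirm which spelling matches the file actually present in each patch tree and make the entries agree where they refer to the same patch, otherwise a grep for the patch name will miss one branch.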