[kernel-sec-discuss] r1997 - active

Dann Frazier dannf at alioth.debian.org
Mon Oct 25 02:18:44 UTC 2010


Author: dannf
Date: 2010-10-25 02:18:41 +0000 (Mon, 25 Oct 2010)
New Revision: 1997

Modified:
   active/CVE-2010-3067
   active/CVE-2010-3084
   active/CVE-2010-3296
   active/CVE-2010-3297
   active/CVE-2010-3310
   active/CVE-2010-3432
   active/CVE-2010-3437
   active/CVE-2010-3442
   active/CVE-2010-3448
   active/CVE-2010-3705
Log:
various updates

Modified: active/CVE-2010-3067
===================================================================
--- active/CVE-2010-3067	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3067	2010-10-25 02:18:41 UTC (rev 1997)
@@ -1,4 +1,4 @@
-Candidate: cve-2010-3067
+Candidate: CVE-2010-3067
 Description: fs/aio.c integer overflow
 References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
@@ -7,5 +7,5 @@
 upstream: released (2.6.36-rc5) [75e1c70f]
 2.6.32-upstream-stable: released (2.6.32.23)
 linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/aio-check-for-multiplication-overflow-in-do_io_submit.patch]
 2.6.32-squeeze-security: released (2.6.32-24)

Modified: active/CVE-2010-3084
===================================================================
--- active/CVE-2010-3084	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3084	2010-10-25 02:18:41 UTC (rev 1997)
@@ -8,5 +8,5 @@
 upstream: released (2.6.36-rc4) 
 2.6.32-upstream-stable:
 linux-2.6: released (2.6.32-25) [bugfix/all/niu-fix-kernel-buffer-overflow-for-ETHTOOL_GRXCLSRLALL.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "vulnerable code not added until 2d96cf8 in 2.6.30"
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/niu-fix-kernel-buffer-overflow-for-ETHTOOL_GRXCLSRLALL.patch]
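Review bot: the '2.6.32-upstream-stable:' context line in this hunk is still blank, and the reason added on the lenny line makes that gap matter. If the vulnerable code arrived with 2d96cf8 in 2.6.30, then 2.6.32 falls in the affected range, which the linux-2.6 and squeeze entries (patched in 2.6.32-25) already reflect. Suggest setting the upstream-stable field in the same pass, either 'needed' or 'released (<version>)' once checked against the stable tree, so that every branch in the record has an explicit state.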

Modified: active/CVE-2010-3296
===================================================================
--- active/CVE-2010-3296	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3296	2010-10-25 02:18:41 UTC (rev 1997)
@@ -8,5 +8,5 @@
 upstream: released (2.6.36-rc5)
 2.6.32-upstream-stable: released (2.6.32.23)
 linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/cxgb3-prevent-reading-uninitialized-stack-memory.patch]
 2.6.32-squeeze-security: released (2.6.32-24)

Modified: active/CVE-2010-3297
===================================================================
--- active/CVE-2010-3297	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3297	2010-10-25 02:18:41 UTC (rev 1997)
@@ -1,4 +1,4 @@
-Candidate: cve-2010-3297
+Candidate: CVE-2010-3297
 Description: drivers/net/eql.c: reading uninitialized stack memory
 References:
  https://bugzilla.redhat.com/633145
@@ -8,5 +8,5 @@
 upstream: released (2.6.36-rc5)
 2.6.32-upstream-stable: released (2.6.32.23)
 linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch]
 2.6.32-squeeze-security: released (2.6.32-24)

Modified: active/CVE-2010-3310
===================================================================
--- active/CVE-2010-3310	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3310	2010-10-25 02:18:41 UTC (rev 1997)
@@ -10,5 +10,5 @@
 upstream: released (2.6.36-rc6)
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]

Modified: active/CVE-2010-3432
===================================================================
--- active/CVE-2010-3432	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3432	2010-10-25 02:18:41 UTC (rev 1997)
@@ -11,5 +11,5 @@
 upstream: released (2.6.36-rc5)
 2.6.32-upstream-stable: released (2.6.32.23)
 linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/sctp-do-not-reset-the-packet-during-sctp_packet_config.patch]
 2.6.32-squeeze-security: released (2.6.32-24)

Modified: active/CVE-2010-3437
===================================================================
--- active/CVE-2010-3437	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3437	2010-10-25 02:18:41 UTC (rev 1997)
@@ -23,5 +23,5 @@
 upstream: released (2.6.36-rc6)
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-25) [bugfix/all/fix-pktcdvd-ioctl-dev_minor-range-check.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/fix-pktcdvd-ioctl-dev_minor-range-check.patch]
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/fix-pktcdvd-ioctl-dev_minor-range-check.patch]

Modified: active/CVE-2010-3442
===================================================================
--- active/CVE-2010-3442	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3442	2010-10-25 02:18:41 UTC (rev 1997)
@@ -19,5 +19,5 @@
 upstream: needed
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]

Modified: active/CVE-2010-3448
===================================================================
--- active/CVE-2010-3448	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3448	2010-10-25 02:18:41 UTC (rev 1997)
@@ -7,5 +7,5 @@
 upstream: released (2.6.34)
 2.6.32-upstream-stable: released (2.6.32.12)
 linux-2.6: released (2.6.32-12)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/x86/thinkpad-acpi-lock-down-video-output-state-access.patch]
 2.6.32-squeeze-security: released (2.6.32-12)

Modified: active/CVE-2010-3705
===================================================================
--- active/CVE-2010-3705	2010-10-15 09:12:07 UTC (rev 1996)
+++ active/CVE-2010-3705	2010-10-25 02:18:41 UTC (rev 1997)
@@ -9,5 +9,5 @@
 upstream: needed
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-25) [bugfix/all/sctp-fix-out-of-bounds-reading-in-sctp_assoc_get_hmac.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-25lenny2) [bugfix/all/sctp-fix-out-of-bounds-reading-in-sctp_asoc_get_hmac.patch]
 2.6.32-squeeze-security: released (2.6.32-25) [bugfix/all/sctp-fix-out-of-bounds-reading-in-sctp_assoc_get_hmac.patch]
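Review bot: the patch name on the new lenny line is spelled 'sctp_asoc_get_hmac', while the linux-2.6 and squeeze lines in the same hunk name 'sctp-fix-out-of-bounds-reading-in-sctp_assoc_get_hmac.patch'. Please confirm which filename exists in the lenny tree and make the entry match it. If the lenny file really is spelled differently, the entry is correct but worth a note, since anyone searching the tracker for the patch name used on the other branches will miss it.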



