[kernel-sec-discuss] r1969 - active

Dann Frazier dannf at alioth.debian.org
Mon Sep 20 01:46:47 UTC 2010 

Author: dannf
Date: 2010-09-20 01:46:44 +0000 (Mon, 20 Sep 2010)
New Revision: 1969

Modified:
   active/CVE-2010-2240
   active/CVE-2010-2492
   active/CVE-2010-2803
   active/CVE-2010-2942
   active/CVE-2010-2946
   active/CVE-2010-2954
   active/CVE-2010-2955
   active/CVE-2010-2960
   active/CVE-2010-3015
   active/CVE-2010-3078
   active/CVE-2010-3080
   active/CVE-2010-3081
   active/CVE-2010-3301
Log:
mark several issues released

Modified: active/CVE-2010-2240
===================================================================
--- active/CVE-2010-2240	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2240	2010-09-20 01:46:44 UTC (rev 1969)
@@ -10,5 +10,5 @@
 upstream: pending (2.6.36-rc3) [320b2b8, 528f913, 9605456, 05fa199, 8ca3eb0]
 2.6.32-upstream-stable: needed "2.6.32.y still needs 8ca3eb0"
 linux-2.6: needed "needs 8ca3eb0"
-2.6.26-lenny-security: pending (2.6.26-25) [bugfix/all/mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch, bugfix/all/mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch, bugfix/x86/dont-send-SIGBUS-for-kernel-page-faults.patch, bugfix/all/mm-pass-correct-mm-when-growing-stack.patch, bugfix/all/mm-fix-page-table-unmap-for-stack-guard-page-properly.patch, bugfix/all/proc-fix-vma-display-mismatch-between-proc-pid-maps-smaps.patch, bugfix/all/mm-fix-up-some-user-visible-effects-of-the-stack-guard-page.patch, bugfix/all/guard-page-for-stacks-that-grow-upwards.patch]
+2.6.26-lenny-security: released (2.6.26-25) [bugfix/all/mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch, bugfix/all/mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch, bugfix/x86/dont-send-SIGBUS-for-kernel-page-faults.patch, bugfix/all/mm-pass-correct-mm-when-growing-stack.patch, bugfix/all/mm-fix-page-table-unmap-for-stack-guard-page-properly.patch, bugfix/all/proc-fix-vma-display-mismatch-between-proc-pid-maps-smaps.patch, bugfix/all/mm-fix-up-some-user-visible-effects-of-the-stack-guard-page.patch, bugfix/all/guard-page-for-stacks-that-grow-upwards.patch]
 2.6.32-squeeze-security: needed "needs 8ca3eb0"

Modified: active/CVE-2010-2492
===================================================================
--- active/CVE-2010-2492	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2492	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,5 +7,5 @@
 upstream: released (2.6.35) [a6f80fb]
 2.6.32-upstream-stable: released (2.6.32.17) [ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
 linux-2.6: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
-2.6.26-lenny-security: pending (2.6.26-25lenny1) [bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
 2.6.32-squeeze-security: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]

Modified: active/CVE-2010-2803
===================================================================
--- active/CVE-2010-2803	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2803	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: releaed (2.6.36-rc2)
 2.6.32-upstream-stable: released (2.6.32.21)
-linux-2.6: pending (2.6.32-22)
+linux-2.6: released (2.6.32-22)
 2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/drm-stop-information-leak-of-old-kernel-stack.patch]
-2.6.32-squeeze-security: pending (2.6.32-22)
+2.6.32-squeeze-security: released (2.6.32-22)

Modified: active/CVE-2010-2942
===================================================================
--- active/CVE-2010-2942	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2942	2010-09-20 01:46:44 UTC (rev 1969)
@@ -10,5 +10,5 @@
 upstream: pending (2.6.36-rc3) [1c40be1]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
-2.6.26-lenny-security: pending (2.6.26-25) [bugfix/all/net-sched-fix-some-kernel-memory-leaks.patch]
+2.6.26-lenny-security: released (2.6.26-25) [bugfix/all/net-sched-fix-some-kernel-memory-leaks.patch]
 2.6.32-squeeze-security: needed

Modified: active/CVE-2010-2946
===================================================================
--- active/CVE-2010-2946	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2946	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,5 +7,5 @@
 upstream: released (2.6.36-rc1)
 2.6.32-upstream-stable: released (2.6.32.19)
 linux-2.6: released (2.6.32-21)
-2.6.26-lenny-security: pending (2.6.26-25) [bugfix/all/jfs-dont-allow-os2-xattr-namespace-overlap-with-others.patch]
+2.6.26-lenny-security: released (2.6.26-25) [bugfix/all/jfs-dont-allow-os2-xattr-namespace-overlap-with-others.patch]
 2.6.32-squeeze-security: released (2.6.32-21)

Modified: active/CVE-2010-2954
===================================================================
--- active/CVE-2010-2954	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2954	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: pending (2.6.36) [628e300]
 2.6.32-upstream-stable: needed "davem says it is queued for stable, though not yet in the stable-queue..."
-linux-2.6: pending (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
-2.6.26-lenny-security: pending (2.6.26-25lenny1) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
-2.6.32-squeeze-security: pending (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
+linux-2.6: released (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]
+2.6.32-squeeze-security: released (2.6.32-22) [bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch]

Modified: active/CVE-2010-2955
===================================================================
--- active/CVE-2010-2955	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2955	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: released (2.6.36-rc4) [42da2f9]
 2.6.32-upstream-stable: pending (2.6.32.22) [wireless-extensions-fix-kernel-heap-content-leak.patch]
-linux-2.6: pending (2.6.32-23) [bugfix/all/wireless-extensions-fix-kernel-heap-content-leak.patch]
+linux-2.6: released (2.6.32-23) [bugfix/all/wireless-extensions-fix-kernel-heap-content-leak.patch]
 2.6.26-lenny-security: needed "needs port"
-2.6.32-squeeze-security: pending (2.6.32-23) [bugfix/all/wireless-extensions-fix-kernel-heap-content-leak.patch]
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/wireless-extensions-fix-kernel-heap-content-leak.patch]

Modified: active/CVE-2010-2960
===================================================================
--- active/CVE-2010-2960	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-2960	2010-09-20 01:46:44 UTC (rev 1969)
@@ -11,6 +11,6 @@
 Bugs:
 upstream: released (2.6.36-rc4) [9d1ac65, 3d96406]
 2.6.32-upstream-stable: needed "forwarded to stable@ by dannf"
-linux-2.6: pending (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]
+linux-2.6: released (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]
 2.6.26-lenny-security: N/A
-2.6.32-squeeze-security: pending (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/keys-fix-RCU-no-lock-warning-in-keyctl_session_to_parent.patch, bugfix/all/keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch]

Modified: active/CVE-2010-3015
===================================================================
--- active/CVE-2010-3015	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-3015	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: released (2.6.34) [731eb1a0]
 2.6.32-upstream-stable: released (2.6.32.21)
-linux-2.6: pending (2.6.32-22)
+linux-2.6: released (2.6.32-22)
 2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/ext4-consolidate-in_range-definitions.patch]
-2.6.32-squeeze-security: pending (2.6.32-22)
+2.6.32-squeeze-security: released (2.6.32-22)

Modified: active/CVE-2010-3078
===================================================================
--- active/CVE-2010-3078	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-3078	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: released (2.6.36-rc4) [a122eb2]
 2.6.32-upstream-stable: needed "forwarded to stable@ by dannf"
-linux-2.6: pending (2.6.26-25lenny1) [bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch]
-2.6.26-lenny-security: pending (2.6.26-25lenny1) [bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch]
+linux-2.6: released (2.6.26-25lenny1) [bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch]
 2.6.32-squeeze-security: needed

Modified: active/CVE-2010-3080
===================================================================
--- active/CVE-2010-3080	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-3080	2010-09-20 01:46:44 UTC (rev 1969)
@@ -8,5 +8,5 @@
 upstream: released (2.6.32-rc4) [27f7ad5]
 2.6.32-upstream-stable: pending (2.6.32.22) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
 linux-2.6: needed
-2.6.26-lenny-security: pending (2.6.26-25lenny1) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch]
 2.6.32-squeeze-security: needed "CONFIG_SND_SEQUENCER_OSS is not set though, so not an issue for prebuilt kernels"

Modified: active/CVE-2010-3081
===================================================================
--- active/CVE-2010-3081	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-3081	2010-09-20 01:46:44 UTC (rev 1969)
@@ -6,6 +6,6 @@
 Bugs:
 upstream: pending [c41d68a]
 2.6.32-upstream-stable: pending (2.6.32.22) [compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
-linux-2.6: pending (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
-2.6.26-lenny-security: pending (2.6.26-25lenny1) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch]
-2.6.32-squeeze-security: pending (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
+linux-2.6: released (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch]
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/all/compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch]

Modified: active/CVE-2010-3301
===================================================================
--- active/CVE-2010-3301	2010-09-17 16:40:51 UTC (rev 1968)
+++ active/CVE-2010-3301	2010-09-20 01:46:44 UTC (rev 1969)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: pending [36d001c, eefdca0]
 2.6.32-upstream-stable: pending (2.6.32.22) [x86-64-compat-test-rax-for-the-syscall-number-not-eax.patch, x86-64-compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
-linux-2.6: pending (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
+linux-2.6: released (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
 2.6.26-lenny-security: N/A "issue (re-)introduced in 2.6.27 by d4d6715"
-2.6.32-squeeze-security: pending (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]
+2.6.32-squeeze-security: released (2.6.32-23) [bugfix/x86/compat-test-rax-for-the-syscall-number-not-eax.patch, bugfix/x86/compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch]

More information about the kernel-sec-discuss mailing list