[kernel-sec-discuss] r1977 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Sep 30 07:04:46 UTC 2010 

Author: jmm
Date: 2010-09-30 07:04:38 +0000 (Thu, 30 Sep 2010)
New Revision: 1977

Added:
   retired/CVE-2010-2240
   retired/CVE-2010-2492
   retired/CVE-2010-2803
Removed:
   active/CVE-2010-2240
   active/CVE-2010-2492
   active/CVE-2010-2803
Log:
retire issues


Deleted: active/CVE-2010-2240
===================================================================
--- active/CVE-2010-2240	2010-09-30 07:03:48 UTC (rev 1976)
+++ active/CVE-2010-2240	2010-09-30 07:04:38 UTC (rev 1977)
@@ -1,14 +0,0 @@
-Candidate: CVE-2010-2240
-Description:
-References:
-Notes:
- jmm> 2.6.32.20 should have all the fixes, the missing ones compared to the patches used for
- jmm> Lenny were merged in 2008 (7c88db0cb589df980acfb2f73c3595a0653004ec)
- jmm> and 2009 (05fa199d45c54a9bda7aa3ae6537253d6f097aa9)
- dannf> additional fix needed for hppa/ia64
-Bugs:
-upstream: released (2.6.36-rc3) [320b2b8, 528f913, 9605456, 05fa199, 8ca3eb0]
-2.6.32-upstream-stable: released (2.6.32.23)
-linux-2.6:  released (2.6.32-24)
-2.6.26-lenny-security: released (2.6.26-25) [bugfix/all/mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch, bugfix/all/mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch, bugfix/x86/dont-send-SIGBUS-for-kernel-page-faults.patch, bugfix/all/mm-pass-correct-mm-when-growing-stack.patch, bugfix/all/mm-fix-page-table-unmap-for-stack-guard-page-properly.patch, bugfix/all/proc-fix-vma-display-mismatch-between-proc-pid-maps-smaps.patch, bugfix/all/mm-fix-up-some-user-visible-effects-of-the-stack-guard-page.patch, bugfix/all/guard-page-for-stacks-that-grow-upwards.patch]
-2.6.32-squeeze-security:  released (2.6.32-24)

Deleted: active/CVE-2010-2492
===================================================================
--- active/CVE-2010-2492	2010-09-30 07:03:48 UTC (rev 1976)
+++ active/CVE-2010-2492	2010-09-30 07:04:38 UTC (rev 1977)
@@ -1,11 +0,0 @@
-Candidate: CVE-2010-2492
-Description: Buffer overflow in the ecryptfs_uid_hash macro
-References:
- a6f80fb7b5986fda663d94079d3bba0937a6b6ff
-Notes:
-Bugs:
-upstream: released (2.6.35) [a6f80fb]
-2.6.32-upstream-stable: released (2.6.32.17) [ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
-linux-2.6: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
-2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
-2.6.32-squeeze-security: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]

Deleted: active/CVE-2010-2803
===================================================================
--- active/CVE-2010-2803	2010-09-30 07:03:48 UTC (rev 1976)
+++ active/CVE-2010-2803	2010-09-30 07:04:38 UTC (rev 1977)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-2803
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commitdiff;h=b9f0aee83335db1f3915f4e42a5e21b351740afd
-Notes:
- jmm> b9f0aee83335db1f3915f4e42a5e21b351740afd
-Bugs:
-upstream: releaed (2.6.36-rc2)
-2.6.32-upstream-stable: released (2.6.32.21)
-linux-2.6: released (2.6.32-22)
-2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/drm-stop-information-leak-of-old-kernel-stack.patch]
-2.6.32-squeeze-security: released (2.6.32-22)

Copied: retired/CVE-2010-2240 (from rev 1976, active/CVE-2010-2240)
===================================================================
--- retired/CVE-2010-2240	                        (rev 0)
+++ retired/CVE-2010-2240	2010-09-30 07:04:38 UTC (rev 1977)
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-2240
+Description:
+References:
+Notes:
+ jmm> 2.6.32.20 should have all the fixes, the missing ones compared to the patches used for
+ jmm> Lenny were merged in 2008 (7c88db0cb589df980acfb2f73c3595a0653004ec)
+ jmm> and 2009 (05fa199d45c54a9bda7aa3ae6537253d6f097aa9)
+ dannf> additional fix needed for hppa/ia64
+Bugs:
+upstream: released (2.6.36-rc3) [320b2b8, 528f913, 9605456, 05fa199, 8ca3eb0]
+2.6.32-upstream-stable: released (2.6.32.23)
+linux-2.6:  released (2.6.32-24)
+2.6.26-lenny-security: released (2.6.26-25) [bugfix/all/mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch, bugfix/all/mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch, bugfix/x86/dont-send-SIGBUS-for-kernel-page-faults.patch, bugfix/all/mm-pass-correct-mm-when-growing-stack.patch, bugfix/all/mm-fix-page-table-unmap-for-stack-guard-page-properly.patch, bugfix/all/proc-fix-vma-display-mismatch-between-proc-pid-maps-smaps.patch, bugfix/all/mm-fix-up-some-user-visible-effects-of-the-stack-guard-page.patch, bugfix/all/guard-page-for-stacks-that-grow-upwards.patch]
+2.6.32-squeeze-security:  released (2.6.32-24)


Property changes on: retired/CVE-2010-2240
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-2492 (from rev 1973, active/CVE-2010-2492)
===================================================================
--- retired/CVE-2010-2492	                        (rev 0)
+++ retired/CVE-2010-2492	2010-09-30 07:04:38 UTC (rev 1977)
@@ -0,0 +1,11 @@
+Candidate: CVE-2010-2492
+Description: Buffer overflow in the ecryptfs_uid_hash macro
+References:
+ a6f80fb7b5986fda663d94079d3bba0937a6b6ff
+Notes:
+Bugs:
+upstream: released (2.6.35) [a6f80fb]
+2.6.32-upstream-stable: released (2.6.32.17) [ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
+linux-2.6: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]
+2.6.26-lenny-security: released (2.6.26-25lenny1) [bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch]
+2.6.32-squeeze-security: released (2.6.32-19) [bugfix/all/stable/2.6.32.17.patch]


Property changes on: retired/CVE-2010-2492
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2010-2803 (from rev 1973, active/CVE-2010-2803)
===================================================================
--- retired/CVE-2010-2803	                        (rev 0)
+++ retired/CVE-2010-2803	2010-09-30 07:04:38 UTC (rev 1977)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-2803
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commitdiff;h=b9f0aee83335db1f3915f4e42a5e21b351740afd
+Notes:
+ jmm> b9f0aee83335db1f3915f4e42a5e21b351740afd
+Bugs:
+upstream: releaed (2.6.36-rc2)
+2.6.32-upstream-stable: released (2.6.32.21)
+linux-2.6: released (2.6.32-22)
+2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/drm-stop-information-leak-of-old-kernel-stack.patch]
+2.6.32-squeeze-security: released (2.6.32-22)


Property changes on: retired/CVE-2010-2803
___________________________________________________________________
Added: svn:mergeinfo
   +

More information about the kernel-sec-discuss mailing list