[kernel-sec-discuss] r2275 - active

Sat Apr 23 17:56:01 UTC 2011

Author: jmm
Date: 2011-04-23 17:55:59 +0000 (Sat, 23 Apr 2011)
New Revision: 2275

Modified:
   active/CVE-2011-1078
   active/CVE-2011-1079
   active/CVE-2011-1080
   active/CVE-2011-1160
   active/CVE-2011-1170
   active/CVE-2011-1171
   active/CVE-2011-1172
   active/CVE-2011-1173
   active/CVE-2011-1180
   active/CVE-2011-1476
   active/CVE-2011-1477
   active/CVE-2011-1479
   active/CVE-2011-1493
Log:
record linux-2.6 upload to sid


Modified: active/CVE-2011-1078
===================================================================

--- active/CVE-2011-1078	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1078	2011-04-23 17:55:59 UTC (rev 2275)
@@ -3,10 +3,9 @@
 References:
  https://lkml.org/lkml/2011/2/14/49
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [c4c896e1471aec3b004a693c689f60be3b17ac86]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch]

Modified: active/CVE-2011-1079
===================================================================
--- active/CVE-2011-1079	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1079	2011-04-23 17:55:59 UTC (rev 2275)
@@ -3,10 +3,9 @@
 References:
  https://lkml.org/lkml/2011/2/14/50
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [43629f8f5ea32a998d06d1bb41eefa0e821ff573]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/bluetooth-bnep-fix-buffer-overflow.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/bluetooth-bnep-fix-buffer-overflow.patch]

Modified: active/CVE-2011-1080
===================================================================
--- active/CVE-2011-1080	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1080	2011-04-23 17:55:59 UTC (rev 2275)
@@ -2,10 +2,9 @@
 Description: ebtables stack infoleak
 References:
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [d846f71195d57b0bbb143382647c2c6638b04c5a]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/bridge-netfilter-fix-information-leak.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/bridge-netfilter-fix-information-leak.patch]

Modified: active/CVE-2011-1160
===================================================================
--- active/CVE-2011-1160	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1160	2011-04-23 17:55:59 UTC (rev 2275)
@@ -3,10 +3,9 @@
 References:
  http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=459e0537ebb7b786cd29a26f4e41c721632cd840
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [1309d7afbed112f0e8e90be9af975550caa0076b] 
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: needed
 2.6.32-squeeze-security: needed

Modified: active/CVE-2011-1170
===================================================================
--- active/CVE-2011-1170	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1170	2011-04-23 17:55:59 UTC (rev 2275)
@@ -4,10 +4,9 @@
  https://bugzilla.redhat.com/CVE-2011-1170
  http://git.kernel.org/?p=linux/kernel/git/kaber/nf-next-2.6.git;a=commitdiff;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [42eab94fff18cb1091d3501cd284d6bd6cc9c143]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-1171
===================================================================
--- active/CVE-2011-1171	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1171	2011-04-23 17:55:59 UTC (rev 2275)
@@ -4,10 +4,9 @@
  https://bugzilla.redhat.com/CVE-2011-1171
  http://git.kernel.org/?p=linux/kernel/git/kaber/nf-next-2.6.git;a=commitdiff;h=78b79876761b86653df89c48a7010b5cbd41a84a
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [78b79876761b86653df89c48a7010b5cbd41a84a]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/netfilter-ip_tables-fix-infoleak-to-userspace.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/netfilter-ip_tables-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-1172
===================================================================
--- active/CVE-2011-1172	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1172	2011-04-23 17:55:59 UTC (rev 2275)
@@ -4,10 +4,9 @@
  https://bugzilla.redhat.com/CVE-2011-1172
  http://git.kernel.org/?p=linux/kernel/git/kaber/nf-next-2.6.git;a=commitdiff;h=6a8ab060779779de8aea92ce3337ca348f973f54
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [6a8ab060779779de8aea92ce3337ca348f973f54]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/ipv6-netfilter-ip6_tables-fix-infoleak-to-userspace.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/ipv6-netfilter-ip6_tables-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-1173
===================================================================
--- active/CVE-2011-1173	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1173	2011-04-23 17:55:59 UTC (rev 2275)
@@ -4,10 +4,9 @@
  https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14
  http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [67c5c6cb8129c595f21e88254a3fc6b3b841ae8e]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/econet-4-byte-infoleak-to-the-network.patch]
 2.6.32-squeeze-security: released (2.6.32-32) [bugfix/all/econet-4-byte-infoleak-to-the-network.patch]

Modified: active/CVE-2011-1180
===================================================================
--- active/CVE-2011-1180	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1180	2011-04-23 17:55:59 UTC (rev 2275)
@@ -3,10 +3,9 @@
 References:
  http://marc.info/?l=linux-netdev&m=130067113628164&w=2
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [d370af0ef7951188daeb15bae75db7ba57c67846]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch]
 2.6.32-squeeze-security: released (2.6.32-33) [bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch]

Modified: active/CVE-2011-1476
===================================================================
--- active/CVE-2011-1476	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1476	2011-04-23 17:55:59 UTC (rev 2275)
@@ -4,10 +4,9 @@
  http://marc.info/?l=linux-kernel&m=130089204124354&w=2
 Notes:
  jmm> OSS disabled since Squeeze
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [b769f49463711205d57286e64cf535ed4daf59e9]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed 
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: needed 
 2.6.32-squeeze-security: needed

Modified: active/CVE-2011-1477
===================================================================
--- active/CVE-2011-1477	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1477	2011-04-23 17:55:59 UTC (rev 2275)
@@ -4,10 +4,9 @@
  http://marc.info/?l=linux-kernel&m=130089499728386&w=2
 Notes:
  jmm> OSS disabled since Squeeze
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc1) [b769f49463711205d57286e64cf535ed4daf59e9]
 2.6.32-upstream-stable: released (2.6.32.37)
-linux-2.6: needed 
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: needed 
 2.6.32-squeeze-security: needed

Modified: active/CVE-2011-1479
===================================================================
--- active/CVE-2011-1479	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1479	2011-04-23 17:55:59 UTC (rev 2275)
@@ -2,10 +2,9 @@
 Description: incomplete fix for CVE-2010-4250
 References:
 Notes:
- jmm> Fixed in 2.6.38.3
 Bugs:
 upstream: released (2.6.39-rc2) [d0de4dc584ec6aa3b26fffea320a8457827768fc]
 2.6.32-upstream-stable: N/A "Not affected by fix for CVE-2010-4250, a2ae4cc9a16e211c8a128ba10d22a85431f093ab"
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: N/A "Not affected by fix for CVE-2010-4250, a2ae4cc9a16e211c8a128ba10d22a85431f093ab"
 2.6.32-squeeze-security: N/A "Not affected by fix for CVE-2010-4250, a2ae4cc9a16e211c8a128ba10d22a85431f093ab"

Modified: active/CVE-2011-1493
===================================================================
--- active/CVE-2011-1493	2011-04-21 06:35:44 UTC (rev 2274)
+++ active/CVE-2011-1493	2011-04-23 17:55:59 UTC (rev 2275)
@@ -6,6 +6,6 @@
 Bugs:
 upstream: released (2.6.39-rc1) [be20250c13f88375345ad99950190685eda51eb8, e0bccd315db0c2f919e7fcf9cb60db21d9986f52]
 2.6.32-upstream-stable: needed
-linux-2.6: needed
+linux-2.6: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
 2.6.26-lenny-security: needed
 2.6.32-squeeze-security: needed


