[kernel-sec-discuss] r2347 - active
Dann Frazier
dannf at alioth.debian.org
Fri Jun 10 01:36:03 UTC 2011
Author: dannf
Date: 2011-06-10 01:36:02 +0000 (Fri, 10 Jun 2011)
New Revision: 2347
Modified:
active/CVE-2010-3875
active/CVE-2010-4075
active/CVE-2011-1017
active/CVE-2011-1160
active/CVE-2011-1476
active/CVE-2011-1477
active/CVE-2011-1478
active/CVE-2011-1493
active/CVE-2011-1494
active/CVE-2011-1495
active/CVE-2011-1577
active/CVE-2011-1585
active/CVE-2011-1593
active/CVE-2011-1776
active/CVE-2011-2022
active/CVE-2011-2182
Log:
lenny updates
Modified: active/CVE-2010-3875
===================================================================
--- active/CVE-2010-3875 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2010-3875 2011-06-10 01:36:02 UTC (rev 2347)
@@ -8,5 +8,5 @@
upstream: released (2.6.37-rc2) [fe10ae5, 5b919f833d9d60588d026ad82d17f17e8872c7a9]
2.6.32-upstream-stable: released (2.6.32.39)
sid: released (2.6.38-1)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/net-ax25-fix-information-leak-to-userland.patch, bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch]
2.6.32-squeeze-security: released (2.6.32-34)
Modified: active/CVE-2010-4075
===================================================================
--- active/CVE-2010-4075 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2010-4075 2011-06-10 01:36:02 UTC (rev 2347)
@@ -6,6 +6,6 @@
upstream: released (2.6.37) [d281da7ff6f70efca0553c288bb883e8605b3862]
2.6.32-upstream-stable: needed
sid: released (2.6.37-1)
-2.6.26-lenny-security: needed "ABI breaker"
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/serial_core-clean-data-before-filling-it.patch]
2.6.32-squeeze-security: released (2.6.32-31)
Modified: active/CVE-2011-1017
===================================================================
--- active/CVE-2011-1017 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1017 2011-06-10 01:36:02 UTC (rev 2347)
@@ -11,5 +11,5 @@
upstream: released (2.6.38.5)
2.6.32-upstream-stable: needed
sid: released (2.6.38-5)
-2.6.26-lenny-security: needed
-2.6.32-squeeze-security: released (2.6.32-34squeeze1) [bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch] "This fix is broken, see http://linux.kernel.org/pipermail/stable-review/2011-May/010606.html"
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch]
+2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch]
Modified: active/CVE-2011-1160
===================================================================
--- active/CVE-2011-1160 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1160 2011-06-10 01:36:02 UTC (rev 2347)
@@ -7,5 +7,5 @@
upstream: released (2.6.39-rc1) [1309d7afbed112f0e8e90be9af975550caa0076b]
2.6.32-upstream-stable: released (2.6.32.37)
sid: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/tpm-fix-uninitialized-usage-of-data-buffer.patch]
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/stable/2.6.32.37.patch]
Modified: active/CVE-2011-1476
===================================================================
--- active/CVE-2011-1476 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1476 2011-06-10 01:36:02 UTC (rev 2347)
@@ -8,5 +8,5 @@
upstream: released (2.6.39-rc1) [b769f49463711205d57286e64cf535ed4daf59e9]
2.6.32-upstream-stable: released (2.6.32.37)
sid: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/sound-oss-remove-offset-from-load_patch-callbacks.patch]
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/stable/2.6.32.37.patch]
Modified: active/CVE-2011-1477
===================================================================
--- active/CVE-2011-1477 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1477 2011-06-10 01:36:02 UTC (rev 2347)
@@ -8,5 +8,5 @@
upstream: released (2.6.39-rc1) [b769f49463711205d57286e64cf535ed4daf59e9]
2.6.32-upstream-stable: released (2.6.32.37) [ef79e147a62e11f6a657b076bc98192fba725645]
sid: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/sound-oss-remove-offset-from-load_patch-callbacks.patch]
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/stable/2.6.32.37.patch]
Modified: active/CVE-2011-1478
===================================================================
--- active/CVE-2011-1478 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1478 2011-06-10 01:36:02 UTC (rev 2347)
@@ -7,5 +7,5 @@
upstream: released (2.6.38)
2.6.32-upstream-stable: released (2.6.32.37)
sid: released (2.6.38-1)
-2.6.26-lenny-security:
+2.6.26-lenny-security: N/A "code not present"
2.6.32-squeeze-security: released (2.6.32-34)
Modified: active/CVE-2011-1493
===================================================================
--- active/CVE-2011-1493 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1493 2011-06-10 01:36:02 UTC (rev 2347)
@@ -6,5 +6,5 @@
upstream: released (2.6.39-rc1) [be20250c13f88375345ad99950190685eda51eb8]
2.6.32-upstream-stable: released (2.6.32.37) [62fdb8668c631619251cff6d964556e0f67b8dcd]
sid: released (2.6.38-4) [bugfix/all/stable/2.6.38.3.patch]
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/rose-prevent-heap-corruption-with-bad-facilities.patch]
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/stable/2.6.32.37.patch]
Modified: active/CVE-2011-1494
===================================================================
--- active/CVE-2011-1494 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1494 2011-06-10 01:36:02 UTC (rev 2347)
@@ -10,5 +10,5 @@
upstream: released (2.6.39-rc6) [a1f74ae82d133ebb2aabb19d181944b4e83e9960]
2.6.32-upstream-stable: released (2.6.32.40)
sid: released (2.6.38-5)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: N/A "code not present"
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch]
Modified: active/CVE-2011-1495
===================================================================
--- active/CVE-2011-1495 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1495 2011-06-10 01:36:02 UTC (rev 2347)
@@ -10,5 +10,5 @@
upstream: released (2.6.39-rc6) [a1f74ae82d133ebb2aabb19d181944b4e83e9960]
2.6.32-upstream-stable: released (2.6.32.40)
sid: released (2.6.38-5)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: N/A "code not present"
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch]
Modified: active/CVE-2011-1577
===================================================================
--- active/CVE-2011-1577 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1577 2011-06-10 01:36:02 UTC (rev 2347)
@@ -8,5 +8,5 @@
upstream: released (3.0-rc1) [3eb8e74ec72736b9b9d728bad30484ec89c91dde]
2.6.32-upstream-stable: needed
sid: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/efi-corrupted-GUID-partition-tables-can-cause-kernel-oops.patch]
2.6.32-squeeze-security: needed
Modified: active/CVE-2011-1585
===================================================================
--- active/CVE-2011-1585 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1585 2011-06-10 01:36:02 UTC (rev 2347)
@@ -6,5 +6,5 @@
upstream: released (2.6.36) [4ff67b720c02c36e54d55b88c2931879b7db1cd2, fc87a40677bbe0937e2ff0642c7e83c9a4813f3d, 24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2]
2.6.32-upstream-stable: needed
sid: released (2.6.37-1)
-2.6.26-lenny-security:
+2.6.26-lenny-security: ignored "requires porting, an exploitation requires the ability to run mount.cifs w/ root privs"
2.6.32-squeeze-security: released (2.6.32-34squeeze1) [bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch, bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch, bugfix/all/cifs-check-for-NULL-session-password.patch]
Modified: active/CVE-2011-1593
===================================================================
--- active/CVE-2011-1593 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1593 2011-06-10 01:36:02 UTC (rev 2347)
@@ -8,5 +8,5 @@
upstream: released (2.6.39-rc4) [c78193e9, d8bdc59f]
2.6.32-upstream-stable: released (2.6.32.39) [67e022f3add1879292986e779b2aaf6ecb93fa58]
sid: released (2.6.38-4) [bugfix/all/stable/2.6.38.4.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/next_pidmap-fix-overflow-condition.patch, bugfix/all/proc-do-proper-range-check-on-readdir-offset.patch]
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/stable/2.6.32.39.patch]
Modified: active/CVE-2011-1776
===================================================================
--- active/CVE-2011-1776 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-1776 2011-06-10 01:36:02 UTC (rev 2347)
@@ -6,5 +6,5 @@
upstream: released (2.6.39-rc7) [fa039d5f6b126fbd65eefa05db2f67e44df8f121]
2.6.32-upstream-stable: released (2.6.32.41)
sid: released (2.6.39-1)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/validate-size-of-efi-guid-partition-entries.patch]
2.6.32-squeeze-security: released (2.6.32-34squeeze1) [bugfix/all/validate-size-of-efi-guid-partition-entries.patch]
Modified: active/CVE-2011-2022
===================================================================
--- active/CVE-2011-2022 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-2022 2011-06-10 01:36:02 UTC (rev 2347)
@@ -7,5 +7,5 @@
upstream: released (2.6.39-rc5) [194b3da873fd334ef183806db751473512af29ce]
2.6.32-upstream-stable: released (2.6.32.40)
sid: released (2.6.38-5)
-2.6.26-lenny-security:
+2.6.26-lenny-security: pending (2.6.26-26lenny3)
2.6.32-squeeze-security: released (2.6.32-34) [bugfix/all/agp-fix-arbitrary-kernel-memory-writes.patch]
Modified: active/CVE-2011-2182
===================================================================
--- active/CVE-2011-2182 2011-06-08 15:05:52 UTC (rev 2346)
+++ active/CVE-2011-2182 2011-06-10 01:36:02 UTC (rev 2347)
@@ -7,5 +7,5 @@
upstream: needed
2.6.32-upstream-stable: needed
sid: needed
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny3) [bugfix/all/fix-for-buffer-overflow-in-ldm_frag_add-not-sufficient.patch]
2.6.32-squeeze-security: needed
More information about the kernel-sec-discuss
mailing list