[kernel-sec-discuss] r2220 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Mar 9 18:18:34 UTC 2011
Author: jmm
Date: 2011-03-09 18:18:24 +0000 (Wed, 09 Mar 2011)
New Revision: 2220
Modified:
active/CVE-2010-2943
active/CVE-2010-3699
active/CVE-2010-3865
active/CVE-2010-3880
active/CVE-2010-4075
active/CVE-2010-4165
active/CVE-2010-4656
active/CVE-2011-0521
active/CVE-2011-0710
active/CVE-2011-0711
active/CVE-2011-0712
active/CVE-2011-1010
active/CVE-2011-1012
active/CVE-2011-1013
active/CVE-2011-1078
retired/CVE-2010-3310
retired/CVE-2010-3432
retired/CVE-2010-3442
retired/CVE-2010-3448
Log:
various updates
Modified: active/CVE-2010-2943
===================================================================
--- active/CVE-2010-2943 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-2943 2011-03-09 18:18:24 UTC (rev 2220)
@@ -9,6 +9,6 @@
Bugs:
upstream: release (2.6.35) [7dce11db,7124fe0a,1920779e,7b6259e7]
2.6.32-upstream-stable: released (2.6.32.30)
-linux-2.6: pending (2.6.32-31) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
+linux-2.6: released (2.6.37-1) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
2.6.26-lenny-security: needed "test case fails on 2.6.26"
-2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
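Review bot: The linux-2.6 line changes the version as well as the status, from pending (2.6.32-31) to released (2.6.37-1), but keeps the five bugfix/all/xfs-*.patch names that the squeeze line lists for 2.6.32-31. With upstream recorded as fixed in 2.6.35, a 2.6.37-1 upload presumably carries the fix without those backports, so either drop the bracketed patch list from the linux-2.6 line or confirm that the version is the intended one. The unchanged upstream line also reads "release (2.6.35)" where the other entries use "released".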
Modified: active/CVE-2010-3699
===================================================================
--- active/CVE-2010-3699 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-3699 2011-03-09 18:18:24 UTC (rev 2220)
@@ -6,6 +6,6 @@
Bugs:
upstream: N/A "This affects the Xen feature patch set, not in upstream proper"
2.6.32-upstream-stable: N/A "This affects the Xen feature patch set, not in upstream proper"
-linux-2.6: pending (2.6.32-31)
+linux-2.6: released (2.6.32-31)
2.6.26-lenny-security: released (2.6.26-26lenny2) [features/all/xen/CVE-2010-3699.patch]
-2.6.32-squeeze-security: pending (2.6.32-31)
+2.6.32-squeeze-security: released (2.6.32-31)
Modified: active/CVE-2010-3865
===================================================================
--- active/CVE-2010-3865 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-3865 2011-03-09 18:18:24 UTC (rev 2220)
@@ -12,6 +12,6 @@
Bugs:
upstream: released (2.6.37-rc1) [1b1f693d7ad6d193862dcb1118540a030c5e761f]
2.6.32-upstream-stable:
-linux-2.6: pending (2.6.32-31)
+linux-2.6: released (2.6.32-31)
2.6.26-lenny-security: N/A (Vulnerable code not present)
-2.6.32-squeeze-security: pending (2.6.32-31)
+2.6.32-squeeze-security: released (2.6.32-31)
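Review bot: The 2.6.32-upstream-stable line is still empty in the context while both Debian 2.6.32 lines move to released, so the entry reads as untriaged for stable. Set it to needed or to the stable release that carries 1b1f693d7ad6d193862dcb1118540a030c5e761f. The lenny line also gives its reason in parentheses, N/A (Vulnerable code not present), where CVE-2011-1013 in this same revision quotes it; pick one form.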
Modified: active/CVE-2010-3880
===================================================================
--- active/CVE-2010-3880 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-3880 2011-03-09 18:18:24 UTC (rev 2220)
@@ -3,7 +3,6 @@
References:
http://www.spinics.net/lists/netdev/msg145899.html
Notes:
- jmm> 22e76c849d505d87c5ecf3d3e6742a65f0ff4860
Bugs:
upstream: released (2.6.37-rc2) [22e76c8]
2.6.32-upstream-stable: needed
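Review bot: Removing the Notes line drops the full-length commit id from the visible part of this file and leaves only the abbreviated [22e76c8] on the upstream line. The other entries touched in this revision put the full 40-character hash in the brackets, so expand this one to [22e76c849d505d87c5ecf3d3e6742a65f0ff4860] for consistency and unambiguous lookup.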
Modified: active/CVE-2010-4075
===================================================================
--- active/CVE-2010-4075 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-4075 2011-03-09 18:18:24 UTC (rev 2220)
@@ -5,7 +5,7 @@
Bugs:
upstream: released (2.6.37) [d281da7ff6f70efca0553c288bb883e8605b3862]
2.6.32-upstream-stable: needed
-linux-2.6: pending (2.6.32-31)
+linux-2.6: released (2.6.32-31)
2.6.26-lenny-security: needed "ABI breaker"
-2.6.32-squeeze-security: pending (2.6.32-31)
+2.6.32-squeeze-security: released (2.6.32-31)
Modified: active/CVE-2010-4165
===================================================================
--- active/CVE-2010-4165 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-4165 2011-03-09 18:18:24 UTC (rev 2220)
@@ -10,4 +10,4 @@
2.6.32-upstream-stable: released (2.6.32.30)
linux-2.6: needed (2.6.32-28) [debian/patches/bugfix/all/tcp-Increase-TCP_MAXSEG-socket-option-minimum.patch]
2.6.26-lenny-security: N/A
-2.6.32-squeeze-security: needed (2.6.32-28) [bugfix/all/tcp-Increase-TCP_MAXSEG-socket-option-minimum.patch]
+2.6.32-squeeze-security: released (2.6.32-31)
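Review bot: The squeeze line moves to released (2.6.32-31) but the linux-2.6 line directly above stays at needed (2.6.32-28) with the same tcp-Increase-TCP_MAXSEG-socket-option-minimum.patch, unlike the other entries in this revision where both lines are updated together. Either update linux-2.6 as well or add a note explaining why it still needs the fix. The new squeeze line also drops the bracketed patch reference; keep it so the fix stays traceable, as the other released lines do.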
Modified: active/CVE-2010-4656
===================================================================
--- active/CVE-2010-4656 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2010-4656 2011-03-09 18:18:24 UTC (rev 2220)
@@ -5,7 +5,7 @@
Notes:
Bugs:
upstream: released (2.6.37) [3ed780117dbe5acb64280d218f0347f238dafed0]
-2.6.32-upstream-stable: pending (2.6.32.32)
+2.6.32-upstream-stable: released (2.6.32.32)
linux-2.6: released (2.6.37-1)
2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/usb-iowarrior-dont-trust-report_size-for-buffer-size.patch]
-2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/usb-iowarrior-dont-trust-report_size-for-buffer-size.patch]
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/usb-iowarrior-dont-trust-report_size-for-buffer-size.patch]
Modified: active/CVE-2011-0521
===================================================================
--- active/CVE-2011-0521 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-0521 2011-03-09 18:18:24 UTC (rev 2220)
@@ -9,4 +9,4 @@
2.6.32-upstream-stable: released (2.6.32.30)
linux-2.6: released (2.6.37-2)
2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/av7110-check-for-negative-array-offset.patch]
-2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/av7110-check-for-negative-array-offset.patch]
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/av7110-check-for-negative-array-offset.patch]
Modified: active/CVE-2011-0710
===================================================================
--- active/CVE-2011-0710 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-0710 2011-03-09 18:18:24 UTC (rev 2220)
@@ -7,4 +7,4 @@
2.6.32-upstream-stable: released (2.6.32.30)
linux-2.6: released (2.6.37-2)
2.6.26-lenny-security: needed
-2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/s390/remove-task_show_regs.patch]
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/s390/remove-task_show_regs.patch]
Modified: active/CVE-2011-0711
===================================================================
--- active/CVE-2011-0711 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-0711 2011-03-09 18:18:24 UTC (rev 2220)
@@ -4,8 +4,8 @@
https://patchwork.kernel.org/patch/546491/
Notes:
Bugs:
-upstream: needed "not fixed upstream as of 2011.02.21"
-2.6.32-upstream-stable: needed "not fixed upstream as of 2011.02.21"
-linux-2.6: needed "not fixed upstream as of 2011.02.21"
-2.6.26-lenny-security: needed "not fixed upstream as of 2011.02.21"
-2.6.32-squeeze-security: needed "not fixed upstream as of 2011.02.21"
+upstream: released (2.6.38-rc7) [3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba]
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
Modified: active/CVE-2011-0712
===================================================================
--- active/CVE-2011-0712 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-0712 2011-03-09 18:18:24 UTC (rev 2220)
@@ -7,4 +7,4 @@
2.6.32-upstream-stable: released (2.6.32.30)
linux-2.6: released (2.6.37-2) [bugfix/all/stable/2.6.37.2.patch]
2.6.26-lenny-security: needed
-2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/ALSA-caiaq-Fix-possible-string-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/ALSA-caiaq-Fix-possible-string-buffer-overflow.patch]
Modified: active/CVE-2011-1010
===================================================================
--- active/CVE-2011-1010 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-1010 2011-03-09 18:18:24 UTC (rev 2220)
@@ -6,5 +6,5 @@
upstream: released (2.6.38-rc6) [fa7ea87a057958a8b7926c1a60a3ca6d696328ed]
2.6.32-upstream-stable: released (2.6.32.30)
linux-2.6: released (2.6.37-2)
-2.6.26-lenny-security:
-2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-ta.patch]
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-ta.patch]
Modified: active/CVE-2011-1012
===================================================================
--- active/CVE-2011-1012 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-1012 2011-03-09 18:18:24 UTC (rev 2220)
@@ -2,10 +2,9 @@
Description:
References:
http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=294f6cf48666825d23c9372ef37631232746e40d
Notes:
Bugs:
-upstream: needed
+upstream: released (2.6.38-rc7) [294f6cf48666825d23c9372ef37631232746e40d]
2.6.32-upstream-stable: needed
linux-2.6: needed
2.6.26-lenny-security:
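Review bot: The 2.6.26-lenny-security line is left blank in the context here, while the CVE-2011-1010 hunk in this same revision replaces a blank lenny line with needed. Now that the upstream commit 294f6cf48666825d23c9372ef37631232746e40d is recorded, give the lenny line an explicit status (needed or N/A with a reason) so the entry does not look untriaged.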
Modified: active/CVE-2011-1013
===================================================================
--- active/CVE-2011-1013 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-1013 2011-03-09 18:18:24 UTC (rev 2220)
@@ -4,7 +4,7 @@
Notes:
Bugs:
upstream: released (2.6.38-rc7) [1922756124ddd53846877416d92ba4a802bc658f]
-2.6.32-upstream-stable: pending (2.6.32.32)
+2.6.32-upstream-stable: released (2.6.32.32)
linux-2.6:
2.6.26-lenny-security: N/A "Vulnerable code not present"
-2.6.32-squeeze-security: pending (2.6.32-31)
+2.6.32-squeeze-security: released (2.6.32-31)
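Review bot: The linux-2.6 line remains empty although upstream, 2.6.32-upstream-stable and squeeze are all marked released after this change. Fill it in with the unstable version that carries 1922756124ddd53846877416d92ba4a802bc658f, or with needed, so the sid status is not left ambiguous.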
Modified: active/CVE-2011-1078
===================================================================
--- active/CVE-2011-1078 2011-03-07 16:08:41 UTC (rev 2219)
+++ active/CVE-2011-1078 2011-03-09 18:18:24 UTC (rev 2220)
@@ -1,5 +1,5 @@
Candidate: CVE-2011-1078
-Description: bnep: fix buffer overflow
+Description: sco info leak
References:
https://lkml.org/lkml/2011/2/14/49
Notes:
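Review bot: The Description changes from a bnep buffer overflow to "sco info leak", which is a different issue in a different subsystem, but the References entry https://lkml.org/lkml/2011/2/14/49 is left as it was. Confirm that the link is the report for the sco leak and replace it if it belongs to the bnep issue. A Notes line recording why the description was reassigned would help later readers.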
Modified: retired/CVE-2010-3310
===================================================================
--- retired/CVE-2010-3310 2011-03-07 16:08:41 UTC (rev 2219)
+++ retired/CVE-2010-3310 2011-03-09 18:18:24 UTC (rev 2220)
@@ -4,10 +4,9 @@
http://www.openwall.com/lists/oss-security/2010/09/21/1
http://marc.info/?l=linux-netdev&m=128502238927086&w=2
Notes:
- jmm> 9828e6e6e3f19efcb476c567b9999891d051f52f
jmm> submitted for 2.6.32.x stable
Bugs:
-upstream: released (2.6.36-rc6)
+upstream: released (2.6.36-rc6) [9828e6e6e3f19efcb476c567b9999891d051f52f]
2.6.32-upstream-stable: released (2.6.32.25)
linux-2.6: released (2.6.32-25) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch]
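Review bot: The remaining Notes line "jmm> submitted for 2.6.32.x stable" is stale now that the commit id has been moved to the upstream line, since 2.6.32-upstream-stable already reads released (2.6.32.25). Remove it along with the hash note so the retired entry carries only current information.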
Modified: retired/CVE-2010-3432
===================================================================
--- retired/CVE-2010-3432 2011-03-07 16:08:41 UTC (rev 2219)
+++ retired/CVE-2010-3432 2011-03-09 18:18:24 UTC (rev 2220)
@@ -5,10 +5,9 @@
to ping-pong between two transports when sending, and that can result packet
corruption followed by skb overlfow crash.
References:
- 4bdab43323b459900578b200a4b8cf9713ac8fab
Notes:
Bugs:
-upstream: released (2.6.36-rc5)
+upstream: released (2.6.36-rc5) [4bdab43323b459900578b200a4b8cf9713ac8fab]
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/sctp-do-not-reset-the-packet-during-sctp_packet_config.patch]
Modified: retired/CVE-2010-3442
===================================================================
--- retired/CVE-2010-3442 2011-03-07 16:08:41 UTC (rev 2219)
+++ retired/CVE-2010-3442 2011-03-09 18:18:24 UTC (rev 2220)
@@ -1,4 +1,4 @@
-Candidate: CVE-2010-3442
+andidate: CVE-2010-3442
Description:
> On 09/29/2010 03:01 PM, Marcus Meissner wrote:
> > On Wed, Sep 29, 2010 at 02:49:52PM +0800, Eugene Teo wrote:
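Review bot: The first line of this hunk changes "Candidate: CVE-2010-3442" to "andidate: CVE-2010-3442", dropping the leading C from the field name. Nothing else in the revision touches that field, so this looks like a stray keystroke; restore "Candidate:" so that tools and searches keyed on that field still find the entry.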
@@ -13,11 +13,9 @@
> >> group "audio") via the SNDRV_CTL_IOCTL_ELEM_ADD and
> >> SNDRV_CTL_IOCTL_ELEM_REPLACE ioctls.
References:
- http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
Notes:
- jmm> 5591bf07225523600450edd9e6ad258bb877b779
Bugs:
-upstream: released (2.6.36)
+upstream: released (2.6.36) [5591bf07225523600450edd9e6ad258bb877b779]
2.6.32-upstream-stable: released (2.6.32.25)
linux-2.6: released (2.6.32-25) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/alsa-prevent-heap-corruption-in-snd_ctl_new.patch]
Modified: retired/CVE-2010-3448
===================================================================
--- retired/CVE-2010-3448 2011-03-07 16:08:41 UTC (rev 2219)
+++ retired/CVE-2010-3448 2011-03-09 18:18:24 UTC (rev 2220)
@@ -1,10 +1,9 @@
Candidate: CVE-2010-3448
Description:
References:
- jmm> b525c06cdbd8a3963f0173ccd23f9147d4c384b5
Notes:
Bugs: 565790
-upstream: released (2.6.34)
+upstream: released (2.6.34) [b525c06cdbd8a3963f0173ccd23f9147d4c384b5]
2.6.32-upstream-stable: released (2.6.32.12)
linux-2.6: released (2.6.32-12)
2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/x86/thinkpad-acpi-lock-down-video-output-state-access.patch]