[kernel-sec-discuss] r2244 - active

Dann Frazier dannf at alioth.debian.org
Sun Mar 27 23:02:06 UTC 2011 

Author: dannf
Date: 2011-03-27 23:02:04 +0000 (Sun, 27 Mar 2011)
New Revision: 2244

Modified:
   active/CVE-2011-1017
   active/CVE-2011-1020
   active/CVE-2011-1078
   active/CVE-2011-1079
   active/CVE-2011-1080
   active/CVE-2011-1083
   active/CVE-2011-1090
   active/CVE-2011-1170
   active/CVE-2011-1171
   active/CVE-2011-1172
   active/CVE-2011-1173
   active/CVE-2011-1182
   active/CVE-2011-1476
   active/CVE-2011-1477
Log:
various updates

Modified: active/CVE-2011-1017
===================================================================
--- active/CVE-2011-1017	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1017	2011-03-27 23:02:04 UTC (rev 2244)
@@ -6,6 +6,6 @@
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: needed
-linux-2.6: needed
-2.6.26-lenny-security: 
-2.6.32-squeeze-security: needed
+linux-2.6: needed "no upstream fix as of 2011.03.27"
+2.6.26-lenny-security: needed "no upstream fix as of 2011.03.27"
+2.6.32-squeeze-security: needed "no upstream fix as of 2011.03.27"

Modified: active/CVE-2011-1020
===================================================================
--- active/CVE-2011-1020	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1020	2011-03-27 23:02:04 UTC (rev 2244)
@@ -6,6 +6,6 @@
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: needed
-linux-2.6: needed
-2.6.26-lenny-security: 
-2.6.32-squeeze-security: needed
+linux-2.6: needed "no upstream fix as of 2011.03.27"
+2.6.26-lenny-security: needed "no upstream fix as of 2011.03.27"
+2.6.32-squeeze-security: needed "no upstream fix as of 2011.03.27"

Modified: active/CVE-2011-1078
===================================================================
--- active/CVE-2011-1078	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1078	2011-03-27 23:02:04 UTC (rev 2244)
@@ -4,8 +4,8 @@
  https://lkml.org/lkml/2011/2/14/49
 Notes:
 Bugs:
-upstream: needed
+upstream: pending (2.6.39-rc1) [c4c896e1471aec3b004a693c689f60be3b17ac86]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch]

Modified: active/CVE-2011-1079
===================================================================
--- active/CVE-2011-1079	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1079	2011-03-27 23:02:04 UTC (rev 2244)
@@ -1,11 +1,11 @@
 Candidate: CVE-2011-1079
 Description:
 References:
- https://lkml.org/lkml/2011/2/14/49
+ https://lkml.org/lkml/2011/2/14/50
 Notes:
 Bugs:
-upstream: needed
+upstream: pending (2.6.39-rc1) [43629f8f5ea32a998d06d1bb41eefa0e821ff573]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/bluetooth-bnep-fix-buffer-overflow.patch]

Modified: active/CVE-2011-1080
===================================================================
--- active/CVE-2011-1080	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1080	2011-03-27 23:02:04 UTC (rev 2244)
@@ -3,8 +3,8 @@
 References:
 Notes:
 Bugs:
-upstream: needed 
+upstream: pending (2.6.39-rc1) [d846f71195d57b0bbb143382647c2c6638b04c5a]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/bridge-netfilter-fix-information-leak.patch]

Modified: active/CVE-2011-1083
===================================================================
--- active/CVE-2011-1083	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1083	2011-03-27 23:02:04 UTC (rev 2244)
@@ -5,8 +5,8 @@
  http://thread.gmane.org/gmane.linux.kernel/1105744/focus=1105888
 Notes:
 Bugs:
-upstream:
+upstream: needed
 2.6.32-upstream-stable:
-linux-2.6:
-2.6.26-lenny-security:
-2.6.32-squeeze-security:
+linux-2.6: needed "no upstream fix as of 2011.03.27"
+2.6.26-lenny-security: needed "no upstream fix as of 2011.03.27"
+2.6.32-squeeze-security: needed "no upstream fix as of 2011.03.27"

Modified: active/CVE-2011-1090
===================================================================
--- active/CVE-2011-1090	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1090	2011-03-27 23:02:04 UTC (rev 2244)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.38-1)
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/nfs4-ensure-that-acl-pages-sent-over-nfs-were-not-allocated-from-the-slab.patch, bugfix/all/nfs4-ensure-that-acl-pages-sent-over-nfs-were-not-allocated-from-the-slab-compilation-warning.patch]

Modified: active/CVE-2011-1170
===================================================================
--- active/CVE-2011-1170	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1170	2011-03-27 23:02:04 UTC (rev 2244)
@@ -5,8 +5,8 @@
  http://git.kernel.org/?p=linux/kernel/git/kaber/nf-next-2.6.git;a=commitdiff;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143
 Notes:
 Bugs:
-upstream:
+upstream: pending (2.6.39-rc1) [42eab94fff18cb1091d3501cd284d6bd6cc9c143]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-1171
===================================================================
--- active/CVE-2011-1171	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1171	2011-03-27 23:02:04 UTC (rev 2244)
@@ -5,8 +5,8 @@
  http://git.kernel.org/?p=linux/kernel/git/kaber/nf-next-2.6.git;a=commitdiff;h=78b79876761b86653df89c48a7010b5cbd41a84a
 Notes:
 Bugs:
-upstream:
+upstream: pending (2.6.39-rc1) [78b79876761b86653df89c48a7010b5cbd41a84a]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/netfilter-ip_tables-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-1172
===================================================================
--- active/CVE-2011-1172	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1172	2011-03-27 23:02:04 UTC (rev 2244)
@@ -5,8 +5,8 @@
  http://git.kernel.org/?p=linux/kernel/git/kaber/nf-next-2.6.git;a=commitdiff;h=6a8ab060779779de8aea92ce3337ca348f973f54
 Notes:
 Bugs:
-upstream:
+upstream: pending (2.6.39-rc1) [6a8ab060779779de8aea92ce3337ca348f973f54]
 2.6.32-upstream-stable:
 linux-2.6:
 2.6.26-lenny-security:
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/ipv6-netfilter-ip6_tables-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-1173
===================================================================
--- active/CVE-2011-1173	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1173	2011-03-27 23:02:04 UTC (rev 2244)
@@ -5,8 +5,8 @@
  http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
 Notes:
 Bugs:
-upstream:
+upstream: pending (2.6.39-rc1) [67c5c6cb8129c595f21e88254a3fc6b3b841ae8e]
 2.6.32-upstream-stable: needed
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/econet-4-byte-infoleak-to-the-network.patch]

Modified: active/CVE-2011-1182
===================================================================
--- active/CVE-2011-1182	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1182	2011-03-27 23:02:04 UTC (rev 2244)
@@ -2,11 +2,10 @@
 Description: signal spoofing
 References:
  http://seclists.org/oss-sec/2011/q1/593
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=da48524eb20662618854bb3df2db01fc65f3070c
 Notes:
 Bugs:
-upstream: needed 
-2.6.32-upstream-stable: needed
+upstream: pending (2.6.39-rc1) [da48524eb20662618854bb3df2db01fc65f3070c]
+2.6.32-upstream-stable: released (2.6.32.36) [62a9fca67f7f5838894306ad5ab65af911dc0dfd]
 linux-2.6: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+2.6.32-squeeze-security: pending (2.6.32-32) [bugfix/all/stable/2.6.32.36.patch]

Modified: active/CVE-2011-1476
===================================================================
--- active/CVE-2011-1476	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1476	2011-03-27 23:02:04 UTC (rev 2244)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: needed
-linux-2.6: needed
-2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+linux-2.6: needed "no upstream fix as of 2011.03.27"
+2.6.26-lenny-security: needed "no upstream fix as of 2011.03.27"
+2.6.32-squeeze-security: needed "no upstream fix as of 2011.03.27"

Modified: active/CVE-2011-1477
===================================================================
--- active/CVE-2011-1477	2011-03-27 23:00:15 UTC (rev 2243)
+++ active/CVE-2011-1477	2011-03-27 23:02:04 UTC (rev 2244)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: needed
-linux-2.6: needed
-2.6.26-lenny-security: needed
-2.6.32-squeeze-security: needed
+linux-2.6: needed "no upstream fix as of 2011.03.27"
+2.6.26-lenny-security: needed "no upstream fix as of 2011.03.27"
+2.6.32-squeeze-security: needed "no upstream fix as of 2011.03.27"

More information about the kernel-sec-discuss mailing list