[kernel-sec-discuss] r2250 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Mar 29 23:18:51 UTC 2011 

Author: jmm
Date: 2011-03-29 23:18:43 +0000 (Tue, 29 Mar 2011)
New Revision: 2250

Modified:
   active/CVE-2010-3875
   active/CVE-2010-3876
   active/CVE-2010-3877
   active/CVE-2010-3880
   active/CVE-2010-4243
   active/CVE-2010-4342
   active/CVE-2010-4529
   active/CVE-2010-4565
Log:
updates


Modified: active/CVE-2010-3875
===================================================================
--- active/CVE-2010-3875	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-3875	2011-03-29 23:18:43 UTC (rev 2250)
@@ -5,7 +5,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.37-rc2) [fe10ae5]
-2.6.32-upstream-stable: needed "dannf poked davem about sending to stable on 2010.11.20"
-linux-2.6: released (2.6.32-30)
+2.6.32-upstream-stable: needed
+linux-2.6: released (2.6.32-30) [bugfix/all/CVE-2010-3875.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-ax25-fix-information-leak-to-userland.patch]
-2.6.32-squeeze-security: released (2.6.32-30)
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/CVE-2010-3875.patch]

Modified: active/CVE-2010-3876
===================================================================
--- active/CVE-2010-3876	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-3876	2011-03-29 23:18:43 UTC (rev 2250)
@@ -5,7 +5,8 @@
 Notes:
 Bugs:
 upstream: released (2.6.37-rc2) [6728664]
-2.6.32-upstream-stable: needed "dannf poked davem about it on 2010.11.20"
-linux-2.6: released (2.6.32-30)
+2.6.32-upstream-stable: needed
+linux-2.6: released (2.6.32-30) [bugfix/all/CVE-2010-3876.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-packet-fix-information-leak-to-userland.patch]
-2.6.32-squeeze-security: released (2.6.32-30)
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/CVE-2010-3876.patch]
+

Modified: active/CVE-2010-3877
===================================================================
--- active/CVE-2010-3877	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-3877	2011-03-29 23:18:43 UTC (rev 2250)
@@ -6,6 +6,6 @@
 Bugs:
 upstream: released (2.6.37-rc2) [88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52]
 2.6.32-upstream-stable: needed
-linux-2.6: released (2.6.32-30)
+linux-2.6: released (2.6.32-30) [bugfix/all/CVE-2010-3877.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-tipc-fix-information-leak-to-userland.patch]
-2.6.32-squeeze-security: released (2.6.32-30)
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/CVE-2010-3877.patch]

Modified: active/CVE-2010-3880
===================================================================
--- active/CVE-2010-3880	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-3880	2011-03-29 23:18:43 UTC (rev 2250)
@@ -6,6 +6,6 @@
 Bugs:
 upstream: released (2.6.37-rc2) [22e76c8]
 2.6.32-upstream-stable: needed
-linux-2.6: released (2.6.32-30)
+linux-2.6: released (2.6.32-30) [bugfix/all/CVE-2010-3880.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/inet_diag-make-sure-we-actually-run-the-same-bytecode-we-audited.patch]
-2.6.32-squeeze-security: released (2.6.32-30)
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/CVE-2010-3880.patch]

Modified: active/CVE-2010-4243
===================================================================
--- active/CVE-2010-4243	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-4243	2011-03-29 23:18:43 UTC (rev 2250)
@@ -11,8 +11,8 @@
  > explosion of memory isn't accounted for by any task so it won't be
  > terminated by the OOM killer."
 Bugs:
-upstream: released (2.6.37-rc5) [3c77f84]
-2.6.32-upstream-stable: needed "Not yet queueed for 2.6.32.y, but it is queued for 2.6.35.y and the same fix applies to both"
+upstream: released (2.6.37-rc5) [3c77f84, 114279be2120a916e8a04feeb2ac976a10016f2f]
+2.6.32-upstream-stable: needed 
 linux-2.6: released (2.6.32-30) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
 2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]

Modified: active/CVE-2010-4342
===================================================================
--- active/CVE-2010-4342	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-4342	2011-03-29 23:18:43 UTC (rev 2250)
@@ -7,6 +7,6 @@
 Bugs:
 upstream: released (2.6.37) [4e085e76cbe558b79b54cbab772f61185879bc64]
 2.6.32-upstream-stable: needed
-linux-2.6: released (2.6.32-30)
+linux-2.6: released (2.6.32-30) [bugfix/all/CVE-2010-4342.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/econet-fix-crash-in-aun_incoming.patch]
-2.6.32-squeeze-security: released (2.6.32-30)
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/CVE-2010-4342.patch]

Modified: active/CVE-2010-4529
===================================================================
--- active/CVE-2010-4529	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-4529	2011-03-29 23:18:43 UTC (rev 2250)
@@ -5,7 +5,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.37) [fdac1e0697356ac212259f2147aa60c72e334861]
-2.6.32-upstream-stable: needed "davem has it queued for stable"
+2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-30) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]
 2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]
 2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]

Modified: active/CVE-2010-4565
===================================================================
--- active/CVE-2010-4565	2011-03-29 22:50:49 UTC (rev 2249)
+++ active/CVE-2010-4565	2011-03-29 23:18:43 UTC (rev 2250)
@@ -4,7 +4,7 @@
 Notes:
 Bugs:
 upstream: released (2.6.37) [9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83]
-2.6.32-upstream-stable: needed "stable@ was CCed"
+2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.37-1)
 2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch]
 2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch]

More information about the kernel-sec-discuss mailing list