[kernel-sec-discuss] r2470 - active

Dann Frazier dannf at alioth.debian.org
Thu Sep 1 06:20:11 UTC 2011 

Author: dannf
Date: 2011-09-01 06:20:10 +0000 (Thu, 01 Sep 2011)
New Revision: 2470

Modified:
   active/CVE-2009-4067
   active/CVE-2011-1020
   active/CVE-2011-2494
   active/CVE-2011-2695
   active/CVE-2011-2928
Log:
status updates

Modified: active/CVE-2009-4067
===================================================================
--- active/CVE-2009-4067	2011-08-31 15:38:08 UTC (rev 2469)
+++ active/CVE-2009-4067	2011-09-01 06:20:10 UTC (rev 2470)
@@ -7,5 +7,5 @@
 upstream: N/A "Driver was removed in 2.6.27"
 2.6.32-upstream-stable: N/A "Driver was removed in 2.6.27"
 sid: N/A "Driver was removed in 2.6.27"
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/usb-misc-auerswald-overflow-fix.patch]
 2.6.32-squeeze-security: N/A "Driver was removed in 2.6.27"

Modified: active/CVE-2011-1020
===================================================================
--- active/CVE-2011-1020	2011-08-31 15:38:08 UTC (rev 2469)
+++ active/CVE-2011-1020	2011-09-01 06:20:10 UTC (rev 2470)
@@ -15,5 +15,5 @@
 upstream: needed
 2.6.32-upstream-stable: needed
 sid: needed 
-2.6.26-lenny-security: needed 
+2.6.26-lenny-security: pending (2.6.32-35squeeze1) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch]
 2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch, bugfix/all/proc-syscall-stack-personality-races.patch]

Modified: active/CVE-2011-2494
===================================================================
--- active/CVE-2011-2494	2011-08-31 15:38:08 UTC (rev 2469)
+++ active/CVE-2011-2494	2011-09-01 06:20:10 UTC (rev 2470)
@@ -6,5 +6,5 @@
 upstream: needed "no upstream fix as of 2011.08.08"
 2.6.32-upstream-stable:
 sid: needed "no upstream fix as of 2011.08.08"
-2.6.26-lenny-security:
+2.6.26-lenny-security: needed "no upstream fix as of 2011.08.08"
 2.6.32-squeeze-security: needed "no upstream fix as of 2011.08.08"

Modified: active/CVE-2011-2695
===================================================================
--- active/CVE-2011-2695	2011-08-31 15:38:08 UTC (rev 2469)
+++ active/CVE-2011-2695	2011-09-01 06:20:10 UTC (rev 2470)
@@ -1,6 +1,9 @@
 Description: ext4: kernel panic when writing data to the last block of sparse file
 References:
 Notes:
+ dannf> I used the reproducer in the commit on a loopback device and was
+ dannf> not able to reproduce on a squeeze system. Though, I also couldn't
+ dannf> reproduce w/ 2.6.39, so maybe a PEBKAC
 Bugs:
 upstream: released (3.0) [f17722f917b2f21497deb6edc62fb1683daa08e6]
 2.6.32-upstream-stable: needed

Modified: active/CVE-2011-2928
===================================================================
--- active/CVE-2011-2928	2011-08-31 15:38:08 UTC (rev 2469)
+++ active/CVE-2011-2928	2011-09-01 06:20:10 UTC (rev 2470)
@@ -6,5 +6,5 @@
 upstream: pending (3.1-rc3) [338d0f0a6fbc82407864606f5b64b75aeb3c70f2]
 2.6.32-upstream-stable: released (2.6.32.46)
 sid: released (3.0.0-2)
-2.6.26-lenny-security: needed
+2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/befs-validate-length-of-long-symbolic-links.patch]
 2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/befs-validate-length-of-long-symbolic-links.patch]

More information about the kernel-sec-discuss mailing list