[kernel-sec-discuss] r2808 - active

Ben Hutchings benh at alioth.debian.org
Mon Feb 18 14:40:09 UTC 2013 

Author: benh
Date: 2013-02-18 14:39:47 +0000 (Mon, 18 Feb 2013)
New Revision: 2808

Modified:
   active/CVE-2013-0190
   active/CVE-2013-0216
   active/CVE-2013-0217
   active/CVE-2013-0228
   active/CVE-2013-0268
   active/CVE-2013-0871
Log:
Update status for 2013 issues

Modified: active/CVE-2013-0190
===================================================================
--- active/CVE-2013-0190	2013-02-18 14:31:21 UTC (rev 2807)
+++ active/CVE-2013-0190	2013-02-18 14:39:47 UTC (rev 2808)
@@ -3,8 +3,8 @@
  http://www.openwall.com/lists/oss-security/2013/01/16/6
 Notes:
 Bugs:
-upstream: pending [9174adbee4a9a49d0139f5d71969852b36720809]
+upstream: released (3.8-rc7) [9174adbee4a9a49d0139f5d71969852b36720809]
 2.6.32-upstream-stable: needed
-sid: needed
+sid: pending (3.2.38-1)
 2.6.32-squeeze-security: released (2.6.32-47) [bugfix/x86/xen-Fix-stack-corruption-in-xen_failsafe_callback-fo.patch]
-3.2-upstream-stable: needed
+3.2-upstream-stable: released (3.2.38) [5c0ce9fed10a58f65fe2784b664e03bdeaaac650]

Modified: active/CVE-2013-0216
===================================================================
--- active/CVE-2013-0216	2013-02-18 14:31:21 UTC (rev 2807)
+++ active/CVE-2013-0216	2013-02-18 14:39:47 UTC (rev 2808)
@@ -3,8 +3,8 @@
  http://seclists.org/oss-sec/2013/q1/234
 Notes:
 Bugs:
-upstream: needed
+upstream: released (3.8-rc7) [48856286b64e4b66ec62b94e504d0b29c1ade664]
 2.6.32-upstream-stable:
 sid: needed
 2.6.32-squeeze-security: pending (2.6.32-46squeeze1) [features/all/xen/xsa39-classic-0001-xen-netback-garbage-ring.patch]
-3.2-upstream-stable:
+3.2-upstream-stable: pending (3.2.39-rc1) [xen-netback-shutdown-the-ring-if-it-contains-garbage.patch]

Modified: active/CVE-2013-0217
===================================================================
--- active/CVE-2013-0217	2013-02-18 14:31:21 UTC (rev 2807)
+++ active/CVE-2013-0217	2013-02-18 14:39:47 UTC (rev 2808)
@@ -3,8 +3,8 @@
  http://seclists.org/oss-sec/2013/q1/234
 Notes:
 Bugs:
-upstream: needed
+upstream: released (3.8-rc7) [b9149729ebdcfce63f853aa54a404c6a8f6ebbf3]
 2.6.32-upstream-stable:
 sid: needed
 2.6.32-squeeze-security: pending (2.6.32-46squeeze1) [features/all/xen/xsa39-classic-0002-xen-netback-wrap-around.patch]
-3.2-upstream-stable:
+3.2-upstream-stable: pending (3.2.39-rc1) [netback-correct-netbk_tx_err-to-handle-wrap-around.patch]

Modified: active/CVE-2013-0228
===================================================================
--- active/CVE-2013-0228	2013-02-18 14:31:21 UTC (rev 2807)
+++ active/CVE-2013-0228	2013-02-18 14:39:47 UTC (rev 2808)
@@ -3,8 +3,8 @@
  http://permalink.gmane.org/gmane.comp.security.oss.general/9371
 Notes:
 Bugs:
-upstream: needed
+upstream: pending [13d2b4d11d69a92574a55bfd985cfb0ca77aebdc]
 2.6.32-upstream-stable: needed
 sid: needed
 2.6.32-squeeze-security: pending (2.6.32-46squeeze1) [features/all/xen/xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch]
-3.2-upstream-stable: needed
+3.2-upstream-stable: pending (3.2.39-rc1) [x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32-bit-pvops.patch]

Modified: active/CVE-2013-0268
===================================================================
--- active/CVE-2013-0268	2013-02-18 14:31:21 UTC (rev 2807)
+++ active/CVE-2013-0268	2013-02-18 14:39:47 UTC (rev 2808)
@@ -4,6 +4,6 @@
 Bugs:
 upstream: released (3.8-rc2) [c903f0456bc69176912dee6dd25c6a66ee1aed00]
 2.6.32-upstream-stable:
-sid: needed
+sid: pending (3.2.38-1)
 2.6.32-squeeze-security: pending (2.6.32-46squeeze1) [bugfix/x86/msr-add-capabilities-check.patch]
 3.2-upstream-stable: released (3.2.38)

Modified: active/CVE-2013-0871
===================================================================
--- active/CVE-2013-0871	2013-02-18 14:31:21 UTC (rev 2807)
+++ active/CVE-2013-0871	2013-02-18 14:39:47 UTC (rev 2808)
@@ -5,8 +5,8 @@
  There is a similar x86-specific ptrace race fixed by 848e8f5f0ad3169560c516fff6471be65f76e69f, 95cf00fa5d5e2a200a2c044c84bde8389a237e02.
  The fix for this issue at least textually depends on that.
 Bugs:
-upstream: 910ffdb18a6408e14febbb6e4b6840fd2c928c82, 9899d11f654474d2d54ea52ceaa2a1f4db3abd68, 9067ac85d533651b98c2ff903182a20cbb361fcb
+upstream: released (3.8-rc5) [910ffdb18a6408e14febbb6e4b6840fd2c928c82, 9899d11f654474d2d54ea52ceaa2a1f4db3abd68, 9067ac85d533651b98c2ff903182a20cbb361fcb]
 2.6.32-upstream-stable:
 sid:
 2.6.32-squeeze-security:
-3.2-upstream-stable: pending [ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch, ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with.patch, wake_up_process-should-be-never-used-to-wakeup-a.patch]
+3.2-upstream-stable: pending (3.2.39-rc1) [ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch, ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with.patch, wake_up_process-should-be-never-used-to-wakeup-a.patch]

More information about the kernel-sec-discuss mailing list