[kernel] r4977 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Tue Dec 6 08:59:08 UTC 2005
Author: dannf
Date: Tue Dec 6 08:59:07 2005
New Revision: 4977
Modified:
patch-tracking/CVE-2003-0462
patch-tracking/CVE-2003-0501
Log:
more updates...
Modified: patch-tracking/CVE-2003-0462
==============================================================================
--- patch-tracking/CVE-2003-0462 (original)
+++ patch-tracking/CVE-2003-0462 Tue Dec 6 08:59:07 2005
@@ -16,15 +16,29 @@
on Linux 2.4 allows local users to cause a denial of service
(crash).
Notes:
+ The fix for 2.4 went into a larger patch:
+ http://linux.bkbits.net:8080/linux-2.4/cset@41c68e9bogrpceA9rUJa-xHwBd-P6g?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
+ However, the patch for 2.6 is much simpler:
+ http://linux.bkbits.net:8080/linux-2.6/cset@3ff1101fZfOZMtqtcvKc_s-agJpLrQ?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
+ Unfortunately, it doesn't apply cleanly to 2.4. It looks like
+ the fix included in 2.4.18-10 just re-typed len in
+ proc_pid_environ; while in 2.6 len was also retyped in
+ proc_pid_cmdline. Only the former deals with evn_end/env_start
+ pointers and the latter doesn't apply cleanly to 2.4, so I'm
+ just making the proc_pid_environ change.
+ .
+ hrm.. maybe there was an earlier patch to 2.4; the above 2.4
+ patch didn't go in till 2.4.29, yet it looks like this was
+ already fixed in our 2.4.27 .orig.tar.gz
Bugs:
-upstream:
-2.6.14:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
-2.6.8:
-2.4.19-woody-security:
+upstream: released (2.6.1)
+2.6.14: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: pending (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
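Review bot: the last paragraph of the added Notes says the 2.4 patch did not go in until 2.4.29 but that the issue "looks like" it was already fixed in the 2.4.27 .orig.tar.gz, and the status list then sets 2.4.27-sarge-security to N/A on that basis. That leaves the N/A resting on an unconfirmed observation; I'd suggest recording what was checked in the 2.4.27 source (for instance, that len in proc_pid_environ already has the new type) or naming the earlier change that carried the fix. Minor: "evn_end/env_start" spells the two pointer names inconsistently, and the first is presumably meant to be env_end.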
Modified: patch-tracking/CVE-2003-0501
==============================================================================
--- patch-tracking/CVE-2003-0501 (original)
+++ patch-tracking/CVE-2003-0501 Tue Dec 6 08:59:07 2005
@@ -19,17 +19,15 @@
before executing a setuid program, which causes the program to
fail to change the ownership and permissions of those entries.
Notes:
- Here's a link to the patch; but bkbits is currently busted.
- http://bkbits.net:8080/linux-2.4/cset@3f2946f3RQGVjd-F2uGG6ifd8nHJNg?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_misc.c
Bugs:
upstream:
-2.6.14:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
-2.6.8:
-2.4.19-woody-security:
+2.6.14: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: pending (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
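Review bot: the Notes section is left empty once the two removed lines are gone, so the only pointer to the fix (the bkbits changeset URL for fs/proc/proc_misc.c) disappears in the same change that moves four woody entries to pending. I'd keep the URL and drop only the "bkbits is currently busted" remark, or note where the patch being backported comes from. The upstream: field is also still blank while the 2.6 and sarge entries are set to N/A; filling it in, as this commit does for CVE-2003-0462, or adding a line explaining the N/A, would make those entries verifiable.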
More information about the Kernel-svn-changes
mailing list