[kernel] r5002 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Mon Dec 12 02:49:49 UTC 2005
Author: dannf
Date: Mon Dec 12 02:49:47 2005
New Revision: 5002
Added:
patch-tracking/mremap
- copied, changed from r5001, patch-tracking/00boilerplate
Modified:
patch-tracking/CVE-2004-0138
patch-tracking/CVE-2004-0394
patch-tracking/CVE-2004-0427
patch-tracking/CVE-2004-0447
patch-tracking/CVE-2004-0554
patch-tracking/CVE-2004-0565
patch-tracking/CVE-2004-0685
patch-tracking/CVE-2004-0883
patch-tracking/CVE-2004-0949
patch-tracking/CVE-2004-0997
patch-tracking/CVE-2004-1016
patch-tracking/CVE-2004-1017
patch-tracking/CVE-2004-1068
patch-tracking/CVE-2004-1070
patch-tracking/CVE-2004-1071
patch-tracking/CVE-2004-1072
patch-tracking/CVE-2004-1073
patch-tracking/CVE-2004-1074
patch-tracking/CVE-2004-1234
patch-tracking/CVE-2004-1235
patch-tracking/CVE-2004-1333
patch-tracking/CVE-2004-1335
patch-tracking/CVE-2005-0001
patch-tracking/CVE-2005-0003
patch-tracking/CVE-2005-0124
patch-tracking/CVE-2005-0135
patch-tracking/CVE-2005-0384
patch-tracking/CVE-2005-0489
patch-tracking/CVE-2005-0504
Log:
update issues from 2.4.18-14.4
Modified: patch-tracking/CVE-2004-0138
==============================================================================
--- patch-tracking/CVE-2004-0138 (original)
+++ patch-tracking/CVE-2004-0138 Mon Dec 12 02:49:47 2005
@@ -1,16 +1,17 @@
-Candidate:
+Candidate: CVE-2004-0138
References:
Description:
Notes:
+ Still marked **RESERVED**
Bugs:
upstream:
2.6.14:
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0394
==============================================================================
--- patch-tracking/CVE-2004-0394 (original)
+++ patch-tracking/CVE-2004-0394 Mon Dec 12 02:49:47 2005
@@ -1,6 +1,26 @@
-Candidate:
+Candidate: CVE-2004-0394
References:
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:037
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
+ MLIST:[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel)
+ URL:http://lwn.net/Articles/81773/
+ ENGARDE:ESA-20040428-004
+ URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ SGI:20040504-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
+ SGI:20040505-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ XF:linux-panic-bo(15953)
+ URL:http://xforce.iss.net/xforce/xfdb/15953
Description:
+ A "potential" buffer overflow exists in the panic() function in Linux 2.4.x,
+ although it may not be exploitable due to the functionality of panic.
Notes:
Bugs:
upstream:
@@ -8,9 +28,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0427
==============================================================================
--- patch-tracking/CVE-2004-0427 (original)
+++ patch-tracking/CVE-2004-0427 Mon Dec 12 02:49:47 2005
@@ -62,9 +62,9 @@
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.8: N/A
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0447
==============================================================================
--- patch-tracking/CVE-2004-0447 (original)
+++ patch-tracking/CVE-2004-0447 Mon Dec 12 02:49:47 2005
@@ -26,9 +26,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0554
==============================================================================
--- patch-tracking/CVE-2004-0554 (original)
+++ patch-tracking/CVE-2004-0554 Mon Dec 12 02:49:47 2005
@@ -44,9 +44,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0565
==============================================================================
--- patch-tracking/CVE-2004-0565 (original)
+++ patch-tracking/CVE-2004-0565 Mon Dec 12 02:49:47 2005
@@ -18,9 +18,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security: N/A
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0685
==============================================================================
--- patch-tracking/CVE-2004-0685 (original)
+++ patch-tracking/CVE-2004-0685 Mon Dec 12 02:49:47 2005
@@ -25,9 +25,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security: N/A
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0883
==============================================================================
--- patch-tracking/CVE-2004-0883 (original)
+++ patch-tracking/CVE-2004-0883 Mon Dec 12 02:49:47 2005
@@ -40,9 +40,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0949
==============================================================================
--- patch-tracking/CVE-2004-0949 (original)
+++ patch-tracking/CVE-2004-0949 Mon Dec 12 02:49:47 2005
@@ -32,9 +32,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-0997
==============================================================================
--- patch-tracking/CVE-2004-0997 (original)
+++ patch-tracking/CVE-2004-0997 Mon Dec 12 02:49:47 2005
@@ -1,16 +1,17 @@
-Candidate:
+Candidate: CVE-2004-0997
References:
Description:
Notes:
+ Still marked **RESERVED**
Bugs:
upstream:
2.6.14:
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1016
==============================================================================
--- patch-tracking/CVE-2004-1016 (original)
+++ patch-tracking/CVE-2004-1016 Mon Dec 12 02:49:47 2005
@@ -27,9 +27,9 @@
2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
2.4.27-sarge-security:
2.6.8: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1017
==============================================================================
--- patch-tracking/CVE-2004-1017 (original)
+++ patch-tracking/CVE-2004-1017 Mon Dec 12 02:49:47 2005
@@ -16,9 +16,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff]
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1068
==============================================================================
--- patch-tracking/CVE-2004-1068 (original)
+++ patch-tracking/CVE-2004-1068 Mon Dec 12 02:49:47 2005
@@ -25,9 +25,9 @@
2.6.8-sarge-security: released (2.6.8-11)
2.4.27-sarge-security: released (2.4.27-7)
2.6.8: released (2.6.8-11)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1070
==============================================================================
--- patch-tracking/CVE-2004-1070 (original)
+++ patch-tracking/CVE-2004-1070 Mon Dec 12 02:49:47 2005
@@ -22,9 +22,9 @@
2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1071
==============================================================================
--- patch-tracking/CVE-2004-1071 (original)
+++ patch-tracking/CVE-2004-1071 Mon Dec 12 02:49:47 2005
@@ -21,9 +21,9 @@
2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1072
==============================================================================
--- patch-tracking/CVE-2004-1072 (original)
+++ patch-tracking/CVE-2004-1072 Mon Dec 12 02:49:47 2005
@@ -24,9 +24,9 @@
2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1073
==============================================================================
--- patch-tracking/CVE-2004-1073 (original)
+++ patch-tracking/CVE-2004-1073 Mon Dec 12 02:49:47 2005
@@ -20,9 +20,9 @@
2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1074
==============================================================================
--- patch-tracking/CVE-2004-1074 (original)
+++ patch-tracking/CVE-2004-1074 Mon Dec 12 02:49:47 2005
@@ -19,15 +19,20 @@
enabled, allows local users to cause a denial of service (kernel oops) via a
malformed a.out binary.
Notes:
+ From Joey's 2.4.18-14.4 changelog:
+ * Applied patch by Chris Wright to not insert overlapping regions in
+ setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074]
+ * Applied patch by Chris Wright to fix error handling in do_brk() when
+ setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074]
Bugs:
upstream:
2.6.14:
2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch]
2.4.27-sarge-security: released (2.4.27-7) [114-binfmt_aout-CVE-2004-1074.diff]
2.6.8: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1234
==============================================================================
--- patch-tracking/CVE-2004-1234 (original)
+++ patch-tracking/CVE-2004-1234 Mon Dec 12 02:49:47 2005
@@ -21,9 +21,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1235
==============================================================================
--- patch-tracking/CVE-2004-1235 (original)
+++ patch-tracking/CVE-2004-1235 Mon Dec 12 02:49:47 2005
@@ -35,9 +35,9 @@
2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff]
2.6.8: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1333
==============================================================================
--- patch-tracking/CVE-2004-1333 (original)
+++ patch-tracking/CVE-2004-1333 Mon Dec 12 02:49:47 2005
@@ -24,9 +24,9 @@
2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch]
2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff]
2.6.8: released (2.6.8-11) [vt-of-death.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2004-1335
==============================================================================
--- patch-tracking/CVE-2004-1335 (original)
+++ patch-tracking/CVE-2004-1335 Mon Dec 12 02:49:47 2005
@@ -20,9 +20,9 @@
2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch]
2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff]
2.6.8: released (2.6.8-11) [fix-ip-options-leak.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0001
==============================================================================
--- patch-tracking/CVE-2005-0001 (original)
+++ patch-tracking/CVE-2005-0001 Mon Dec 12 02:49:47 2005
@@ -34,9 +34,9 @@
2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff]
2.6.8: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0003
==============================================================================
--- patch-tracking/CVE-2005-0003 (original)
+++ patch-tracking/CVE-2005-0003 Mon Dec 12 02:49:47 2005
@@ -26,9 +26,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch]
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0124
==============================================================================
--- patch-tracking/CVE-2005-0124 (original)
+++ patch-tracking/CVE-2005-0124 Mon Dec 12 02:49:47 2005
@@ -1,6 +1,18 @@
-Candidate:
+Candidate: CVE-2005-0124
References:
+ MLIST:[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel
+ URL:http://seclists.org/lists/linux-kernel/2004/Dec/3914.html
+ MLIST:[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel
+ URL:http://seclists.org/lists/linux-kernel/2005/Jan/1089.html
+ MLIST:[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel
+ URL:http://seclists.org/lists/linux-kernel/2005/Jan/2018.html
+ MLIST:[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel
+ URL:http://seclists.org/lists/linux-kernel/2005/Jan/2020.html
Description:
+ The coda_pioctl function in the coda functionality (pioctl.c) for Linux
+ kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial
+ of service (crash) or execute arbitrary code via negative vi.in_size or
+ vi.out_size values, which may trigger a buffer overflow.
Notes:
Bugs:
upstream:
@@ -8,9 +20,9 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0135
==============================================================================
--- patch-tracking/CVE-2005-0135 (original)
+++ patch-tracking/CVE-2005-0135 Mon Dec 12 02:49:47 2005
@@ -19,9 +19,9 @@
2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch]
2.4.27-sarge-security:
2.6.8: released (2.6.8-14) [ia64-unwind-fix.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0384
==============================================================================
--- patch-tracking/CVE-2005-0384 (original)
+++ patch-tracking/CVE-2005-0384 Mon Dec 12 02:49:47 2005
@@ -23,9 +23,9 @@
2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff]
2.6.8: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0489
==============================================================================
--- patch-tracking/CVE-2005-0489 (original)
+++ patch-tracking/CVE-2005-0489 Mon Dec 12 02:49:47 2005
@@ -1,16 +1,19 @@
-Candidate:
+Candidate: CVE-2005-0489
References:
Description:
+ Applied patch by Marcelo Tosatti <marcelo.tosatti at cyclades.com> to fix
+ potential memory access to free memory in /proc handling
Notes:
+ still marked **RESERVED**
Bugs:
upstream:
2.6.14:
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Modified: patch-tracking/CVE-2005-0504
==============================================================================
--- patch-tracking/CVE-2005-0504 (original)
+++ patch-tracking/CVE-2005-0504 Mon Dec 12 02:49:47 2005
@@ -11,9 +11,9 @@
2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
2.6.8: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
Copied: patch-tracking/mremap (from r5001, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate (original)
+++ patch-tracking/mremap Mon Dec 12 02:49:47 2005
@@ -1,16 +1,19 @@
-Candidate:
+Candidate: needed
References:
Description:
Notes:
+ From Joey's 2.4.18-14.4 changelog:
+ * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
+ escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
Bugs:
upstream:
2.6.14:
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
+2.4.17-woody-security-ia64: pending (011226.18)
More information about the Kernel-svn-changes
mailing list