[kernel] r5054 - dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian

Simon Horman horms at costa.debian.org
Tue Dec 20 02:33:54 UTC 2005 

Author: horms
Date: Tue Dec 20 02:33:51 2005
New Revision: 5054

Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
Log:
Revamped changelog

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Tue Dec 20 02:33:51 2005
@@ -1,30 +1,34 @@
 kernel-source-2.4.27 (2.4.27-10sarge2) UNRELEASED; urgency=low
 
   [ Simon Horman ]
-  * 185_net-sockglue-cap.diff
-     [Security] Restrict socket policy loading to CAP_NET_ADMIN.
-     See CAN-2005-2555.
 
-  * 187_zisofs-2.diff
-    [Security] Check input buffer size in zisofs
+  * Errata for 2.4.27-10sarge1
+    - [SECURITY] Xattr sharing bug. See CAN-2005-2801
+      178_fs_ext2_ext3_xattr-sharing.diff, included in 2.4.27-10sarge1
+    - [SECURITY] Fixes remote DoS when using ipt_recent on a 64 bit machine.
+      See CAN-2005-2872 (See: #322237)
+      179_net-ipv4-netfilter-ip_recent-last_pkts.diff, included in 
+      2.4.27-10sarge1
+    - [SECURITY] x86_64: 32 bit ltrace oops when tracing 64 bit executable
+      http://lkml.org/lkml/2005/1/5/245
+      http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
+      184_arch-x86_64-ia32-ptrace32-oops.diff, included in 2.4.27-10sarge1
+
+  * [Security] Restrict socket policy loading to CAP_NET_ADMIN.
+    See CAN-2005-2555.
+    185_net-sockglue-cap.diff
+
+  * [Security] Check input buffer size in zisofs
     From 2.6.12.5
     Omitted from the previous release, as I wasn't sure that it was a
     security bug. But now it has a CAN number, so its in.
     See CAN-2005-2457
+    187_zisofs-2.diff
 
-  * 186_zlib-revert-broken-change.diff
-    [Security] Revert huft_build() function fix
+  * [Security] Revert huft_build() function fix
     From 2.6.12.6
     See CAN-2005-2459
-
-  * 178_fs_ext2_ext3_xattr-sharing.diff
-    Included in 2.4.27-10sarge1 is CAN-2005-2801
-
-  * 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
-    Included in 2.4.27-10sarge1 is CAN-2005-2872
-
-  * 184_arch-x86_64-ia32-ptrace32-oops.diff
-    Included in 2.4.27-10sarge1 is CAN-2005-2553
+    186_zlib-revert-broken-change.diff
 
   * [SECURITY] IPV4: Fix DST leak in icmp_push_reply(). Remote DoS.
     See CVE-2005-3848.
@@ -34,32 +38,32 @@
     See CVE-2005-3858.
     189_ipv6-skb-leak.diff
 
-  * 192_orinoco-info-leak.diff
-    [SECURITY] orinoco: Information leakage due to incorrect padding
+  * [SECURITY] orinoco: Information leakage due to incorrect padding
     See CAN-2005-3180
     From 2.6.13.4
+    192_orinoco-info-leak.diff
 
-  * 194_xfs-inode-race.diff
-     [SECURITY] XFS: Handle inode creation race
-     CAN-NOMATCH
-     Links in Patch file
+  * [SECURITY] XFS: Handle inode creation race
+    CAN-NOMATCH
+    Links in Patch file
+    194_xfs-inode-race.diff
 
-  * 198_fs-lock-lease-log-spam.diff
-     [SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857
+  * [SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857
+    198_fs-lock-lease-log-spam.diff
 
   [ dann frazier ]
-  * 195_net-ipv6-udp_v6_get_port-loop.diff
-    [SECURITY] Fix infinite loop in udp_v6_get_port().  See CVE-2005-2973
+  * [SECURITY] Fix infinite loop in udp_v6_get_port().  See CVE-2005-2973
+    195_net-ipv6-udp_v6_get_port-loop.diff
 
   # DISABLED DUE TO ABI CHANGE
-  # * 196_sysctl-unregistration-oops.patch
-  #  [SECURITY] Fix a potential local root exploit in the
-  #  /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
+  # * [SECURITY] Fix a potential local root exploit in the
+  #   /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
+  #   196_sysctl-unregistration-oops.patch
 
-  * setkeys-needs-root-1.diff, setkeys-needs-root-2.diff:
-    [SECURITY] Require root privilege to write the current
+  * [SECURITY] Require root privilege to write the current
     function key string entry of other user's terminals.
     See CVE-2005-3257
+    setkeys-needs-root-1.diff, setkeys-needs-root-2.diff:
 
  -- Simon Horman <horms at verge.net.au>  Tue, 20 Dec 2005 11:05:02 +0900

More information about the Kernel-svn-changes mailing list