[kernel] r4742 - in people/dannf/patchinfo: . scripts
Dann Frazier
dannf at costa.debian.org
Tue Nov 8 08:09:10 UTC 2005
Author: dannf
Date: Tue Nov 8 08:09:09 2005
New Revision: 4742
Added:
people/dannf/patchinfo/scripts/
people/dannf/patchinfo/scripts/deb822.py (contents, props changed)
people/dannf/patchinfo/scripts/sync-pkg-list (contents, props changed)
Modified:
people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff
people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff
people/dannf/patchinfo/CAN-2005-1764
people/dannf/patchinfo/CAN-2005-1768
people/dannf/patchinfo/CAN-2005-1913
people/dannf/patchinfo/CAN-2005-2098
people/dannf/patchinfo/CAN-2005-2099
people/dannf/patchinfo/CAN-2005-2457
people/dannf/patchinfo/CAN-2005-2458
people/dannf/patchinfo/CAN-2005-2459
people/dannf/patchinfo/CAN-2005-2490
people/dannf/patchinfo/CAN-2005-2492
people/dannf/patchinfo/CAN-2005-2548
people/dannf/patchinfo/CAN-2005-2553
people/dannf/patchinfo/CAN-2005-2872
people/dannf/patchinfo/CAN-2005-2873
people/dannf/patchinfo/CAN-2005-3044
people/dannf/patchinfo/CAN-2005-3053
people/dannf/patchinfo/CAN-2005-3055
people/dannf/patchinfo/CAN-2005-3105
people/dannf/patchinfo/CAN-2005-3106
people/dannf/patchinfo/CAN-2005-3107
people/dannf/patchinfo/CAN-2005-3108
people/dannf/patchinfo/CAN-2005-3109
people/dannf/patchinfo/CAN-2005-3110
people/dannf/patchinfo/CAN-2005-3119
people/dannf/patchinfo/CAN-2005-3179
people/dannf/patchinfo/CAN-2005-3180
people/dannf/patchinfo/CAN-2005-3181
people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply
people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch
people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch
people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch
people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch
people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch
people/dannf/patchinfo/net-rose-ndigis-verify.dpatch
people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch
people/dannf/patchinfo/plug-names_cache-memleak.dpatch
people/dannf/patchinfo/setkeys-needs-root.patch
people/dannf/patchinfo/sys_get_thread_area-leak.dpatch
Log:
run everything through the (probably poorly named) sync-pkg-list script.
That makes sure that every file has a field for every tree listed in 00pkglist
Modified: people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff
==============================================================================
--- people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff (original)
+++ people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff Tue Nov 8 08:09:09 2005
@@ -1,2 +1,11 @@
Candidate: ##NEEDED##
2.4.27-sarge-security: pending (2.4.27-10sarge1)
+2.6.14:
+2.6.8-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
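Review bot: all nine fields added here are written with empty values, and this record still has "Candidate: ##NEEDED##", so nothing in the file distinguishes "nobody has looked at this tree yet" from "nothing to do for this tree". The populated fields in this commit use needed, pending, released and N/A; consider having sync-pkg-list write an explicit untriaged marker into new fields, so that a blank line is never read as "not affected".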
Modified: people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff
==============================================================================
--- people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff (original)
+++ people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff Tue Nov 8 08:09:09 2005
@@ -1,17 +1,25 @@
Candidate: CVE-2005-2553
-References:
+References:
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
CONFIRM:http://lkml.org/lkml/2005/1/5/245
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
-Description:
+Description:
The find_target function in ptrace32.c in the Linux kernel 2.4.x
before 2.4.29 does not properly handle a NULL return value from
another function, which allows local users to cause a denial of
service (kernel crash/oops) by running a 32-bit ltrace program with
the -i option on a 64-bit executable program.
-Bugs:
+Bugs:
upstream: (2.4.29)
2.6.13: N/A
2.6.12: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: pending (2.4.27-10sarge1)
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
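Review bot: the "References:", "Description:" and "Bugs:" lines are removed and re-added with no visible difference, so this hunk mixes whitespace normalization with the new tree fields, and the log mentions only the latter. Say so in the log or split the normalization into its own commit, so the field additions can be audited on their own. Also note that this record ("Candidate: CVE-2005-2553", "Bugs:") and the CAN-2005-2553 record ("Notes:") describe the same issue, and each now carries eight blank fields that will have to be filled in consistently.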
Modified: people/dannf/patchinfo/CAN-2005-1764
==============================================================================
--- people/dannf/patchinfo/CAN-2005-1764 (original)
+++ people/dannf/patchinfo/CAN-2005-1764 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-1764
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1764
Final-Decision:
Interim-Decision:
@@ -10,11 +10,11 @@
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029
URL:http://freshmeat.net/articles/view/1678/
-Description:
+Description:
Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard
page for the 47-bit address page to protect against an AMD K8 bug,
which allows local users to cause a denial of service.
-Notes:
+Notes:
horms> I believe that only 2.6.11 is vulnerable to this
upstream: released (2.6.11.11)
2.6.13: N/A
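Review bot: the second "CONFIRM:" context line in this hunk ends in "...0ebf8018bReference: SUSE:SUSE-SA:2005:029", so the SUSE reference is fused onto the commitdiff URL; the link is broken and the advisory is not a separate entry. Since the script is rewriting this file anyway, move "Reference: SUSE:SUSE-SA:2005:029" onto its own line.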
@@ -23,3 +23,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-1768
==============================================================================
--- people/dannf/patchinfo/CAN-2005-1768 (original)
+++ people/dannf/patchinfo/CAN-2005-1768 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-1768
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768
Final-Decision:
Interim-Decision:
@@ -10,7 +10,7 @@
BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
MISC:http://www.suresec.org/advisories/adv4.pdf
-Description:
+Description:
Race condition in the ia32 compatibility code for the execve system
call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
local users to cause a denial of service (kernel panic) and possibly
@@ -18,7 +18,7 @@
pointer count after the nargs function has counted the pointers, but
before the count is copied from user space to kernel space, which
leads to a buffer overflow.
-Notes:
+Notes:
167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
upstream: released (2.4.31, 2.6.6)
2.6.13: N/A
@@ -27,6 +27,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: released (2.4.27-11)
2.4.27-sarge-security: released (2.4.27-10sarge1)
-
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-1913
==============================================================================
--- people/dannf/patchinfo/CAN-2005-1913 (original)
+++ people/dannf/patchinfo/CAN-2005-1913 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-1913
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913
Final-Decision:
Interim-Decision:
@@ -16,16 +16,24 @@
URL:http://secunia.com/advisories/15786/
XF:kernel-subthread-dos(21138)
URL:http://xforce.iss.net/xforce/xfdb/21138
-Description:
+Description:
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a
denial of service (kernel panic) via a non group-leader thread
executing a different program than was pending in itimer, which causes
the signal to be delivered to the old group-leader task, which does
not exist.
-Notes:
+Notes:
upstream: released (2.6.12.1)
2.6.12: released (2.6.12-1) [linux-2.6.12.1.patch]
2.6.8-sarge: N/A
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
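Review bot: the new "2.6.8:" field is added next to the existing "2.6.8-sarge: N/A", and "2.4.27-sid/sarge: N/A" is left as it was. The 184_arch-x86_64-ia32-ptrace32-oops.diff record had neither "2.6.8-sarge" nor "2.4.27-sid/sarge" and was not given them, so those names are apparently no longer in 00pkglist. If "2.6.8" is the new name for "2.6.8-sarge", carry the existing value over and drop the old field; otherwise the same tree ends up tracked twice, once answered and once blank.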
Modified: people/dannf/patchinfo/CAN-2005-2098
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2098 (original)
+++ people/dannf/patchinfo/CAN-2005-2098 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2098
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098
Final-Decision:
Interim-Decision:
@@ -12,7 +12,7 @@
URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
SECUNIA:16355
URL:http://secunia.com/advisories/16355/
-Description:
+Description:
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
2.6.12.5 contains an error path that does not properly release the
session management semaphore, which allows local users or remote
@@ -26,5 +26,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2099
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2099 (original)
+++ people/dannf/patchinfo/CAN-2005-2099 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2099
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099
Final-Decision:
Interim-Decision:
@@ -12,7 +12,7 @@
URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
SECUNIA:16355
URL:http://secunia.com/advisories/16355/
-Description:
+Description:
The Linux kernel before 2.6.12.5 does not properly destroy a keyring
that is not instantiated properly, which allows local users or remote
attackers to cause a denial of service (kernel oops) via a keyring
@@ -25,3 +25,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2457
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2457 (original)
+++ people/dannf/patchinfo/CAN-2005-2457 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2457
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2457
Final-Decision:
Interim-Decision:
@@ -14,7 +14,7 @@
URL:http://www.securityfocus.com/bid/14614
SECUNIA:16355
URL:http://secunia.com/advisories/16355/
-Description:
+Description:
The driver for compressed ISO file systems (zisofs) in the Linux
kernel before 2.6.12.5 allows local users and remote attackers to
cause a denial of service (kernel crash) via a crafted compressed ISO
@@ -26,4 +26,11 @@
2.6.8-sarge-security: pending [zisofs.diff]
2.4.27-sid/sarge: pending [187_zisofs-2.diff]
2.4.27-sarge-security: pending [187_zisofs-2.diff]
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2458
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2458 (original)
+++ people/dannf/patchinfo/CAN-2005-2458 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2458
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458
Final-Decision:
Interim-Decision:
@@ -14,7 +14,7 @@
URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
SECUNIA:16355
URL:http://secunia.com/advisories/16355/
-Description:
+Description:
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
allows remote attackers to cause a denial of service (kernel crash)
via a compressed file with "improper tables".
@@ -25,5 +25,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2459
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2459 (original)
+++ people/dannf/patchinfo/CAN-2005-2459 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2459
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459
Final-Decision:
Interim-Decision:
@@ -13,13 +13,13 @@
URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
SECUNIA:16355
URL:http://secunia.com/advisories/16355/
-Description:
+Description:
The huft_build function in inflate.c in the zlib routines in the Linux
kernel before 2.6.12.5 returns the wrong value, which allows remote
attackers to cause a denial of service (kernel crash) via a certain
compressed file that leads to a null pointer dereference, a different
vulnerability than CAN-2005-2458.
-Notes:
+Notes:
This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
upstream: released (2.6.12.6)
@@ -29,5 +29,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2490
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2490 (original)
+++ people/dannf/patchinfo/CAN-2005-2490 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2490
-References
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490
Final-Decision:
Interim-Decision:
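Review bot: "-References" to "+References:" is not a whitespace change like the matching line in the other files: the field name had no colon, so this record had a malformed header line until now. That is a data fix rather than a sync and should be mentioned in the log. It would also be worth having the script report any header line without a colon, so the next one is caught when it is introduced.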
@@ -17,7 +17,7 @@
URL:http://secunia.com/advisories/16747/
XF:kernel-sendmsg-bo(22217)
URL:http://xforce.iss.net/xforce/xfdb/22217
-Description:
+Description:
Stack-based buffer overflow in the sendmsg function call in the Linux
kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code
by calling sendmsg and modifying the message contents in another
@@ -29,4 +29,11 @@
2.6.8-sarge-security: pending
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2492
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2492 (original)
+++ people/dannf/patchinfo/CAN-2005-2492 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2492
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2492
Final-Decision:
Interim-Decision:
@@ -17,7 +17,7 @@
URL:http://secunia.com/advisories/16747/
XF:kernel-rawsendmsg-obtain-information(22218)
URL:http://xforce.iss.net/xforce/xfdb/22218
-Description:
+Description:
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
allows local users to cause a denial of service (change hardware
state) or read from arbitrary memory via crafted input.
@@ -28,3 +28,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2548
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2548 (original)
+++ people/dannf/patchinfo/CAN-2005-2548 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2548
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548
Final-Decision:
Interim-Decision:
@@ -8,7 +8,7 @@
Assigned: 20050812
Category: SF
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308
-Description:
+Description:
vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
denial of service (kernel oops from null dereference) via certain UDP
packets that lead to a function call with the wrong argument, as
@@ -20,6 +20,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch]
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
-
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2553
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2553 (original)
+++ people/dannf/patchinfo/CAN-2005-2553 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2553
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2553
Final-Decision:
Interim-Decision:
@@ -9,7 +9,7 @@
Category: SF
CONFIRM:http://lkml.org/lkml/2005/1/5/245
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
-Description:
+Description:
The find_target function in ptrace32.c in the Linux kernel 2.4.x
before 2.4.29 does not properly handle a NULL return value from
another function, which allows local users to cause a denial of
@@ -22,5 +22,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
2.4.27-sarge-security: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2872
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2872 (original)
+++ people/dannf/patchinfo/CAN-2005-2872 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2872
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
Final-Decision:
Interim-Decision:
@@ -10,7 +10,7 @@
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
Reference:
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
-Description:
+Description:
The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
2.6.12, when running on 64-bit processors such as AMD64, allows remote
attackers to cause a denial of service (kernel panic) via certain
@@ -24,7 +24,11 @@
2.6.8-sarge-security: pending [net-ipv4-netfilter-ip_recent-last_pkts.dpatch]
2.4.27-sid/sarge: released (2.4.27-11) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
2.4.27-sarge-security: pending [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
-
-
-
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-2873
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2873 (original)
+++ people/dannf/patchinfo/CAN-2005-2873 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-2873
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
Final-Decision:
Interim-Decision:
@@ -8,13 +8,13 @@
Assigned: 20050909
Category: SF
MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
-Description:
+Description:
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
earlier does not properly perform certain time tests when the jiffies
value is greater than LONG_MAX, which can cause ipt_recent netfilter
rules to block too early, a different vulnerability than
CAN-2005-2872.
-Notes:
+Notes:
horms> No patch that is acceptable upstream is available
http://lists.debian.org/debian-kernel/2005/09/msg00257.html
upstream: vulnerable
@@ -25,3 +25,11 @@
2.6.8-sarge-security: needed
2.4.27-sid/sarge: needed
2.4.27-sarge-security: needed
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3044
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3044 (original)
+++ people/dannf/patchinfo/CAN-2005-3044 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3044
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3044
Final-Decision:
Interim-Decision:
@@ -8,12 +8,12 @@
Assigned: 20050922
Category: SF
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
-Description:
+Description:
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
users to cause a denial of service (kernel OOPS from null dereference)
via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
in the 32-bit routing_ioctl function on 64-bit systems.
-Notes:
+Notes:
http://lkml.org/lkml/2005/9/30/218
horms> 2.4.27 code is vulnerable but there is no amd64 for 2.4 in Sarge
dannf> Though, I guess its possible that someone would try to build an amd64
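Review bot: the Description context in this hunk reads "allow loal users", a typo for "local". The word is the attack-vector classification for this entry, so a search of patchinfo for local issues will miss it; fix it while the file is being rewritten.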
@@ -26,3 +26,11 @@
2.6.8-sarge-security: pending [lost-fput-in-32bit-ioctl-on-x86-64.dpatch]
2.4.27-sid/sarge: needed
2.4.27-sarge-security: needed
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3053
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3053 (original)
+++ people/dannf/patchinfo/CAN-2005-3053 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3053
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3053
Final-Decision:
Interim-Decision:
@@ -8,11 +8,11 @@
Assigned: 20050926
Category: SF
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g
-Description:
+Description:
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x
allows local users to cause a denial of service (kernel BUG()) via a
negative first argument.
-Notes:
+Notes:
horms> http://lkml.org/lkml/2005/9/30/218
upstream: released (2.6.12.5)
2.6.12: released (2.6.12-3)
@@ -20,4 +20,11 @@
2.6.8-sarge-security: pending [mempolicy-check-mode.dpatch]
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3055
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3055 (original)
+++ people/dannf/patchinfo/CAN-2005-3055 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3055
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3055
Final-Decision:
Interim-Decision:
@@ -9,12 +9,12 @@
Category: SF
MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
-Description:
+Description:
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
of service (kernel OOPS) via a userspace process that issues a USB
Request Block (URB) to a USB device and terminates before the URB is
finished, which leads to a stale pointer reference.
-Notes:
+Notes:
horms> http://lkml.org/lkml/mbox/2005/10/11/90
horms> http://lkml.org/lkml/2005/10/11/90
horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21
@@ -26,3 +26,11 @@
2.6.8-sarge-security: needed
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
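Review bot: "2.6.8:" and "2.6.14:" are added blank here although the Description in the previous hunk gives the affected range as "2.6.8 to 2.6.14-rc2" and "2.6.8-sarge-security" is already "needed". For a record whose own text names 2.6.8 as affected, the new "2.6.8:" field should be filled in as part of this change, not left for later.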
Modified: people/dannf/patchinfo/CAN-2005-3105
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3105 (original)
+++ people/dannf/patchinfo/CAN-2005-3105 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3105
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3105
Final-Decision:
Interim-Decision:
@@ -10,7 +10,7 @@
Reference: MISC:http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
Reference: MISC:http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
-Description:
+Description:
The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito
processors does not properly maintain cache coherency as required by
the architecture, which allows local users to cause a denial of
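Review bot: "mrpotect" in the first Description line is a misspelling of mprotect (the file named in parentheses is mprotect.c). Anyone searching the tracker for the function name will not find this record; correct the spelling.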
@@ -28,3 +28,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [mckinley_icache.dpatch]
2.4.27-sid/sarge: needed
2.4.27-sarge-security: needed
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3106
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3106 (original)
+++ people/dannf/patchinfo/CAN-2005-3106 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3106
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3106
Final-Decision:
Interim-Decision:
@@ -8,7 +8,7 @@
Assigned: 20050930
Category: SF
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
-Description:
+Description:
Race condition in Linux 2.6, when threads are sharing memory mapping
via CLONE_VM (such as linuxthreads and vfork), might allow local users
to cause a denial of service (deadlock) by triggering a core dump
@@ -26,3 +26,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch]
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3107
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3107 (original)
+++ people/dannf/patchinfo/CAN-2005-3107 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3107
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3107
Final-Decision:
Interim-Decision:
@@ -9,7 +9,7 @@
Category: SF
CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
-Description:
+Description:
fs/exec.c in Linux 2.6, when one thread is tracing another thread that
shares the same memory map, might allow local users to cause a denial
of service (deadlock) by forcing a core dump when the traced thread is
@@ -26,3 +26,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch]
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3108
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3108 (original)
+++ people/dannf/patchinfo/CAN-2005-3108 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3108
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3108
Final-Decision:
Interim-Decision:
@@ -8,12 +8,12 @@
Assigned: 20050930
Category: SF
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
-Description:
+Description:
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to
cause a denial of service or an information leak via an iremap on a
certain memory map that causes the iounmap to perform a lookup of a
page that does not exist.
-Notes:
+Notes:
Extra information from Moritz Muehlenhof:
DoS and potential information leak in ioremap (seemingly specific to amd64)
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
@@ -24,3 +24,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch]
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3109
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3109 (original)
+++ people/dannf/patchinfo/CAN-2005-3109 Tue Nov 8 08:09:09 2005
@@ -8,11 +8,11 @@
Assigned: 20050930
Category: SF
CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
-Description::
+Description:
The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to
cause a denial of service (oops) by using hfsplus to mount a
filesystem that is not hfsplus.
-Notes:
+Notes:
Extra information from Moritz Muehlenhof:
Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html
@@ -22,5 +22,12 @@
2.6.8-sarge: pending [fs-hfs-oops-and-leak.dpatch]
2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch]
2.4.27-sid/sarge:
-2.4.27-sarge-security:
-
+2.4.27-sarge-security:
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
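Review bot: "2.4.27-sid/sarge:" and "2.4.27-sarge-security:" were blank before this change and are still blank (the second is only re-added with a whitespace difference), while the Notes in the previous hunk say upstream was being asked about 2.4. Six more blank 2.4 fields are now appended below them. Record the open 2.4 question in the field values, or point each field at the Notes entry, so the pending upstream answer is not lost among blanks.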
Modified: people/dannf/patchinfo/CAN-2005-3110
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3110 (original)
+++ people/dannf/patchinfo/CAN-2005-3110 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3110
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3110
Final-Decision:
Interim-Decision:
@@ -8,13 +8,13 @@
Assigned: 20050930
Category: SF
Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
-Description:
+Description:
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
when running on an SMP system that is operating under a heavy load,
might allow remote attackers to cause a denial of service (crash) via
a series of packets that cause a value to be modified after it has
been read but before it has been locked.
-Notes:
+Notes:
Extra information from Moritz Muehlenhof:
DoS on SMP, potentially 2.4 and 2.6
http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
@@ -25,3 +25,11 @@
2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch]
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3119
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3119 (original)
+++ people/dannf/patchinfo/CAN-2005-3119 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3119
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3119
Final-Decision:
Interim-Decision:
@@ -8,16 +8,24 @@
Assigned:
Category:
Reference:
-Description:
+Description:
** RESERVED **
-Notes:
+Notes:
Plug request_key_auth memleak. This can be triggered by unprivileged
users, so is local DoS.
http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html
upstream: released (2.6.13.4)
2.6.13: needed
-2.6.12:
-2.6.8-sarge:
-2.6.8-sarge-security:
-2.4.27-sid/sarge:
-2.4.27-sarge-security:
+2.6.12:
+2.6.8-sarge:
+2.6.8-sarge-security:
+2.4.27-sid/sarge:
+2.4.27-sarge-security:
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3179
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3179 (original)
+++ people/dannf/patchinfo/CAN-2005-3179 Tue Nov 8 08:09:09 2005
@@ -1,13 +1,13 @@
Candidate: CAN-2005-3179
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179
Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
-Description:
+Description:
drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
with world-readable and world-writable permissions, which allows local
users to enable DRM debugging and obtain sensitive information.
-Notes:
+Notes:
(from Horms)
> > From: Dave Jones <davej at redhat.com>
> >
@@ -20,3 +20,11 @@
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: N/A
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3180
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3180 (original)
+++ people/dannf/patchinfo/CAN-2005-3180 Tue Nov 8 08:09:09 2005
@@ -1,13 +1,13 @@
Candidate: CAN-2005-3180
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180
CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
-Description:
+Description:
The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
not properly clear memory from a previously used packet whose length
is increased, which allows remote attackers to obtain sensitive
information.
-Notes:
+Notes:
> > From: Pavel Roskin <proski at gnu.org>
> >
> > The orinoco driver can send uninitialized data exposing random pieces of
@@ -20,4 +20,11 @@
2.6.8-sarge-security: pending [orinoco-info-leak.dpatch]
2.4.27-sid/sarge: pending [192_orinoco-info-leak.diff]
2.4.27-sarge-security: pending [192_orinoco-info-leak.diff]
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/CAN-2005-3181
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3181 (original)
+++ people/dannf/patchinfo/CAN-2005-3181 Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3181
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
Reference:
CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
@@ -8,13 +8,20 @@
incorrect function to free names_cache memory, which prevents the memory
from being tracked by AUDITSYSCALL code and leads to a memory leak that
allows attackers to cause a denial of service (memory consumption).
-Notes:
+Notes:
2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
-Bugs:
+Bugs:
upstream: released (2.6.13.4)
2.6.13: released (2.6.13+2.6.14-rc4-0experimental.1)
2.6.8-sarge-security: pending (2.6.8-16sarge2)
2.6.8-sarge: pending (2.6.8-17)
2.4.27-sarge-security: N/A
2.4.27-sarge/sid: N/A
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
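Review bot: the existing row in this hunk is spelled `2.4.27-sarge/sid`, while other records in this commit (CAN-2005-3110, for example) use `2.4.27-sid/sarge`. sync-pkg-list matches field names exactly through hasField(), so if that tree is ever added to the package list, one of the two spellings will get a second, empty row next to the filled-in one. Suggest normalising the field name across the patchinfo files before relying on the script for it.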
Modified: people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply
==============================================================================
--- people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply (original)
+++ people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply Tue Nov 8 08:09:09 2005
@@ -1,12 +1,20 @@
Candidate: ##NEEDED##
-References:
+References:
URL:
CONFIRM:http://lkml.org/lkml/2005/8/26/173
-Description:
+Description:
upstream: released (2.6.12.6)
-2.6.13:
-2.6.12:
-2.6.8-sarge:
+2.6.13:
+2.6.12:
+2.6.8-sarge:
2.6.8-sarge-security: pending [fix-dst-leak-in-icmp_push_reply.dpatch]
-2.4.27-sid/sarge:
-2.4.27-sarge-security:
+2.4.27-sid/sarge:
+2.4.27-sarge-security:
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
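Review bot: `Description:` is still empty in this record, with `upstream: released (2.6.12.6)` following it directly, and the Candidate is still `##NEEDED##`. Since the file is being rewritten anyway, suggest adding at least a one-line description taken from the CONFIRM link, so the eight new empty status rows can be triaged without opening the lkml thread.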
Modified: people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch
==============================================================================
--- people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch (original)
+++ people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch Tue Nov 8 08:09:09 2005
@@ -1,18 +1,26 @@
Candidate: CVE-2005-3271
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss
URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
-Description:
+Description:
Exec in Linux kernel 2.6 does not properly clear posix-timers in
multi-threaded environments, which results in a resource leak and
could allow a large number of multiple local users to cause a denial
of service by using more posix-timers than specified by the quota for
a single user.
-Bugs:
+Bugs:
upstream: released (2.6.9)
2.6.13: N/A
2.6.12: N/A
2.6.8-sarge-security: released (2.6.8-16sarge1)
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch
==============================================================================
--- people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch (original)
+++ people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CVE-2005-2801
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
@@ -7,13 +7,21 @@
URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
SUSE:SUSE-SA:2005:018
URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
-Description:
+Description:
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6
does not properly compare the name_index fields when sharing xattr
blocks, which could prevent default ACLs from being applied.
-Bugs:
+Bugs:
upstream: released (2.6.11)
-2.6.13:
-2.6.12:
+2.6.13:
+2.6.12:
2.6.8-sarge-security: released (2.6.8-16-sarge1)
2.4.27-sarge-security: released (2.4.27-10sarge1)
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch
==============================================================================
--- people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch (original)
+++ people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch Tue Nov 8 08:09:09 2005
@@ -1,14 +1,22 @@
Candidate: CVE-2005-3272
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
-Description:
+Description:
Linux kernel before 2.6.12 allows remote attackers to poison the
bridge forwarding table using frames that have already been dropped by
filtering, which can cause the bridge to forward spoofed packets.
-Bugs:
+Bugs:
upstream: released (2.6.12)
-2.6.13:
-2.6.12:
+2.6.13:
+2.6.12:
2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch]
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch
==============================================================================
--- people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch (original)
+++ people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CVE-2005-3274
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
CONFIRM:http://lkml.org/lkml/2005/6/23/249
@@ -10,9 +10,17 @@
cause a denial of service (null dereference) by causing a connection
timer to expire while the connection table is being flushed before the
appropriate lock is acquired.
-Bugs:
+Bugs:
upstream: released (2.6.13, 2.4.32-pre2)
2.6.13: N/A
-2.6.12:
+2.6.12:
2.6.8-sarge-security: released (2.6.8-sarge1)
2.4.27-sarge-security: pending (2.4.27-10sarge1)
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
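Review bot: the context row `2.6.8-sarge-security: released (2.6.8-sarge1)` in this hunk has no revision number, whereas the other records in this commit give that release as `2.6.8-16sarge1`. It looks like a typo in the version string. Suggest confirming and correcting it while the file is being touched, since anything that compares these values against package versions will not match it.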
Modified: people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch
==============================================================================
--- people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch (original)
+++ people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch Tue Nov 8 08:09:09 2005
@@ -1,11 +1,11 @@
Candidate: CVE-2005-2973
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
-Description:
+Description:
Fix infinite loop in udp_v6_get_port().
-Bugs:
-Notes:
+Bugs:
+Notes:
submitted for inclusion in 2.4.32-rc2
upstream: released (2.6.14-rc4)
2.6.13: released (2.6.13+2.6.14-rc4-0experimental.1)
@@ -13,3 +13,11 @@
2.6.8-sarge: pending (2.6.8-17)
2.4.27-sarge-security: pending (2.4.27-10sarge2)
2.4.27-sarge/sid: pending (2.4.27-12)
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/net-rose-ndigis-verify.dpatch
==============================================================================
--- people/dannf/patchinfo/net-rose-ndigis-verify.dpatch (original)
+++ people/dannf/patchinfo/net-rose-ndigis-verify.dpatch Tue Nov 8 08:09:09 2005
@@ -1,16 +1,24 @@
Candidate: CVE-2005-3273
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
CONFIRM:http://lkml.org/lkml/2005/5/23/169
-Description:
+Description:
The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6
kernels prior to 2.6.12 does not properly verify the ndigis argument
for a new route, which allows attackers to trigger array out-of-bounds
errors with a large number of digipeats.
-Bugs:
+Bugs:
upstream: released (2.6.12)
2.6.13: N/A
2.6.12: N/A
2.6.8-sarge-security: pending (2.6.8-16sarge2)
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch
==============================================================================
--- people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch (original)
+++ people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch Tue Nov 8 08:09:09 2005
@@ -1,17 +1,25 @@
Candidate: CVE-2005-3275
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
-Description:
+Description:
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in
Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly
declares a variable to be static, which allows remote attackers to
cause a denial of service (memory corruption) by causing two packets
for the same protocol to be NATed at the same time, which leads to
memory corruption.
-Bugs:
+Bugs:
upstream: released (2.6.12.3)
-2.6.13:
-2.6.12:
+2.6.13:
+2.6.12:
2.6.8-sarge-security: released (2.6.8-16sarge1)
2.4.27-sarge-security: pending (2.4.27-10sarge1)
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Modified: people/dannf/patchinfo/plug-names_cache-memleak.dpatch
==============================================================================
--- people/dannf/patchinfo/plug-names_cache-memleak.dpatch (original)
+++ people/dannf/patchinfo/plug-names_cache-memleak.dpatch Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CVE-2005-3257
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257
CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533
Description:
@@ -7,13 +7,20 @@
users to use the KDSKBSENT ioctl on terminals of other users and gain
privileges, as demonstrated by modifying key bindings using loadkeys.
Bugs: 334113
-Notes:
+Notes:
Not upstream yet, but in -mm tree
upstream: pending
-2.6.13:
-2.6.12:
-2.6.8-sarge-security:
-2.6.8-sarge:
-2.4.27-sarge-security:
-2.4.27-sarge/sid:
-
+2.6.13:
+2.6.12:
+2.6.8-sarge-security:
+2.6.8-sarge:
+2.4.27-sarge-security:
+2.4.27-sarge/sid:
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
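Review bot: the context lines at the top of this hunk describe the KDSKBSENT ioctl and loadkeys issue (Candidate CVE-2005-3257), but the file is named plug-names_cache-memleak.dpatch. The names_cache leak text appears further down under setkeys-needs-root.patch instead, so the two records look swapped. Adding status rows to both without fixing that means the new per-kernel entries will be filled in against the wrong patch name. Suggest swapping the contents in a follow-up before the rows are populated.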
Added: people/dannf/patchinfo/scripts/deb822.py
==============================================================================
--- (empty file)
+++ people/dannf/patchinfo/scripts/deb822.py Tue Nov 8 08:09:09 2005
@@ -0,0 +1,182 @@
+#!/usr/bin/python
+
+## Version: 0.20051107
+
+import re, string
+
+class deb822:
+ def __init__(self, fp):
+ self.map = {}
+ self.keys = []
+ single = re.compile("^(?P<key>\S+):\s+(?P<data>\S.*)$")
+ multi = re.compile("^(?P<key>\S+):\s*$")
+ multidata = re.compile("^\s(?P<data>.*)$")
+ ws = re.compile("^\s*$")
+
+ curkey = None
+ content = ""
+ for line in fp.readlines():
+ if ws.match(line):
+ if curkey:
+ self.map[curkey] = content[:-1]
+ curkey = None
+ content = ""
+ continue
+
+ m = single.match(line)
+ if m:
+ if curkey:
+ self.map[curkey] = content[:-1]
+ curkey = m.group('key')
+ self.keys.append(curkey)
+ self.map[curkey] = m.group('data')
+ curkey = None
+ content = ""
+ continue
+
+ m = multi.match(line)
+ if m:
+ if curkey:
+ self.map[curkey] = content[:-1]
+ curkey = m.group('key')
+ self.keys.append(curkey)
+ content = "\n"
+ continue
+
+ m = multidata.match(line)
+ if m:
+ content = content + line
+ continue
+
+ if curkey:
+ self.map[curkey] = content[:-1]
+
+ def dump(self, fd):
+ for key in self.keys:
+ fd.write(key + ": " + self.map[key] + "\n")
+
+ def isSingleLine(self, s):
+ if s.count("\n"):
+ return False
+ else:
+ return True
+
+ def isMultiLine(self, s):
+ return not self.isSingleLine(s)
+
+ def _mergeFields(self, s1, s2):
+ if not s2:
+ return s1
+ if not s1:
+ return s2
+
+ if self.isSingleLine(s1) and self.isSingleLine(s2):
+ ## some fields are delimited by a single space, others
+ ## a comma followed by a space. this heuristic assumes
+ ## that there are multiple items in one of the string fields
+ ## so that we can pick up on the delimiter being used
+ delim = ' '
+ if (s1 + s2).count(', '):
+ delim = ', '
+
+ L = (s1 + delim + s2).split(delim)
+ L.sort()
+
+ prev = merged = L[0]
+
+ for item in L[1:]:
+ ## skip duplicate entries
+ if item == prev:
+ continue
+ merged = merged + delim + item
+ prev = item
+ return merged
+
+ if self.isMultiLine(s1) and self.isMultiLine(s2):
+ for item in s2.splitlines(True):
+ if item not in s1.splitlines(True):
+ s1 = s1 + "\n" + item
+ return s1
+
+ raise ValueError
+
+ def mergeFields(self, key, d1, d2 = None):
+ ## this method can work in two ways - abstract that away
+ if d2 == None:
+ x1 = self
+ x2 = d1
+ else:
+ x1 = d1
+ x2 = d2
+
+ ## we only have to do work if both objects contain our key
+ ## otherwise, we just take the one that does, or raise an
+ ## exception if neither does
+ if key in x1.keys and key in x1.keys:
+ merged = self._mergeFields(x1.map[key], x2.map[key])
+ elif key in x1.keys:
+ merged = x1[key]
+ elif key in x2.keys:
+ merged = x2[key]
+ else:
+ raise KeyError
+
+ ## back to the two different ways - if this method was called
+ ## upon an object, update that object in place.
+ ## return nothing in this case, to make the author notice a
+ ## problem if she assumes the object itself will not be modified
+ if d2 == None:
+ self.map[key] = merged
+ return None
+
+ return merged
+
+ def hasField(self, key):
+ if key in self.keys:
+ return True
+ return False
+
+ def addField(self, key, value):
+ if key in self.keys:
+ ## key is already there
+ raise KeyError
+ else:
+ self.keys.append(key)
+ self.map[key] = value
+
+## methods that changes and dsc files have in common
+class _dscchanges(deb822):
+ """A base class; not intended for direct use"""
+
+## Specialty class for dealing with .dsc files
+class dsc(_dscchanges):
+ def files(self):
+ fileList = []
+
+ for fileEntry in self.map["Files"].splitlines():
+ file = {}
+ if fileEntry:
+ fields = fileEntry.split()
+ file["md5sum"] = fields[0]
+ file["size"] = fields[1]
+ file["name"] = fields[2]
+ fileList.append(file)
+
+ return fileList
+
+class changes(_dscchanges):
+ def files(self):
+ fileList = []
+
+ for fileEntry in self.map["Files"].splitlines():
+ file = {}
+ if fileEntry:
+ fields = fileEntry.split()
+ file["md5sum"] = fields[0]
+ file["size"] = fields[1]
+ file["section"] = fields[2]
+ file["priority"] = fields[3]
+ file["name"] = fields[4]
+ fileList.append(file)
+
+ return fileList
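Review bot: in mergeFields() the guard `if key in x1.keys and key in x1.keys:` tests x1 twice, so when only x1 has the key the first branch is taken and `x2.map[key]` raises KeyError instead of falling through to the `elif`. The second operand should be `key in x2.keys`. The two fallback branches then use `x1[key]` and `x2[key]`, but the class defines no `__getitem__`, so they will fail as well; they should read `x1.map[key]` and `x2.map[key]`. Separately, in `__init__` a blank line resets `curkey` to None, so any continuation lines that follow a blank line inside a multi-line field are accumulated in `content` and then silently dropped. That deserves a comment or an explicit error, because dump() will write the file back without them. `string` is imported but not used.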
Added: people/dannf/patchinfo/scripts/sync-pkg-list
==============================================================================
--- (empty file)
+++ people/dannf/patchinfo/scripts/sync-pkg-list Tue Nov 8 08:09:09 2005
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+
+import sys
+import deb822
+from optparse import OptionParser
+
+if __name__ == '__main__':
+ parser = OptionParser()
+ parser.add_option("-p", "--pkglist", dest="pkglist",
+ help="File containing list of packages being tracked",
+ metavar="PACKAGELIST")
+ (options, args) = parser.parse_args()
+
+ if not options.pkglist:
+ sys.stderr.write("A package list must be specified, see --help")
+ sys.exit(1)
+
+ f = open(options.pkglist, 'r')
+ pkglist = f.read().split()
+ f.close()
+
+ for file in args:
+ d = deb822.deb822(open(file, 'r'))
+ for pkg in pkglist:
+ if not d.hasField(pkg):
+ d.addField(pkg, "")
+ d.dump(sys.stdout)
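Review bot: in the `for file in args:` loop every record is dumped to `sys.stdout` back to back, with no separator or file name, so running the script over more than one patchinfo file produces output that cannot be split back into the original files. Suggest either writing each result back to its own path (for example to a temporary file that is then renamed) or rejecting more than one file argument. The handle from `open(file, 'r')` is never closed, and the `sys.stderr.write(...)` message is missing its trailing "\n". Since `addField(pkg, "")` followed by dump() emits `pkg: ` with a trailing space, the empty rows this script adds will carry trailing whitespace too.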
Modified: people/dannf/patchinfo/setkeys-needs-root.patch
==============================================================================
--- people/dannf/patchinfo/setkeys-needs-root.patch (original)
+++ people/dannf/patchinfo/setkeys-needs-root.patch Tue Nov 8 08:09:09 2005
@@ -1,5 +1,5 @@
Candidate: CAN-2005-3181
-References:
+References:
URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
Description:
@@ -7,13 +7,20 @@
incorrect function to free names_cache memory, which prevents the memory
from being tracked by AUDITSYSCALL code and leads to a memory leak that
allows attackers to cause a denial of service (memory consumption).
-Notes:
+Notes:
2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
-Bugs:
+Bugs:
upstream: released (2.6.13.4)
2.6.13: released (2.6.13+2.6.14-rc4-0experimental.1)
2.6.8-sarge-security: pending (2.6.8-16sarge2)
2.6.8-sarge: pending (2.6.8-17)
2.4.27-sarge-security: N/A
2.4.27-sarge/sid: N/A
-
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
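Review bot: this record carries `Candidate: CAN-2005-3181`, the same CONFIRM commit and the same status rows as people/dannf/patchinfo/CAN-2005-3181 earlier in this commit, and nothing in it relates to setkeys. That leaves two copies of the names_cache entry to keep in sync, and both now gain the same eight empty rows. Suggest keeping a single record per candidate and making this file describe the patch it is named after.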
Modified: people/dannf/patchinfo/sys_get_thread_area-leak.dpatch
==============================================================================
--- people/dannf/patchinfo/sys_get_thread_area-leak.dpatch (original)
+++ people/dannf/patchinfo/sys_get_thread_area-leak.dpatch Tue Nov 8 08:09:09 2005
@@ -1,15 +1,23 @@
Candidate: CVE-2005-3276
-References:
+References:
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
URL:http://lkml.org/lkml/2005/8/3/36
-Description:
+Description:
The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and
2.6.13 does not entirely clear a user_desc structure before copying it
to userspace, resulting in a small information leak.
-Bugs:
+Bugs:
upstream: released (2.6.12.4)
-2.6.13:
-2.6.12:
+2.6.13:
+2.6.12:
2.6.8-sarge-security: pending (2.6.8-16sarge2)
2.4.27-sarge-security: N/A
+2.6.14:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64: