[kernel] r4773 - people/dannf/patchinfo

Dann Frazier dannf at costa.debian.org
Thu Nov 10 06:18:41 UTC 2005 

Author: dannf
Date: Thu Nov 10 06:18:39 2005
New Revision: 4773

Modified:
   people/dannf/patchinfo/nptl-signal-delivery-deadlock-fix
Log:
add a description, some references & note that 2.4 is probably
immune.  this guy is probably ready for a mitre submission


Modified: people/dannf/patchinfo/nptl-signal-delivery-deadlock-fix
==============================================================================
--- people/dannf/patchinfo/nptl-signal-delivery-deadlock-fix	(original)
+++ people/dannf/patchinfo/nptl-signal-delivery-deadlock-fix	Thu Nov 10 06:18:39 2005
@@ -1,33 +1,19 @@
-## Lines beginning with '##' are just for this boilerplate - they shouldn't be
-## transferred to patch track files
-## A list of valid fields for patch description files, with examples
-Candidate: ##NEEDED## | CAN/CVE-XXXX-XXXX | N/A
+Candidate: ##NEEDED##
 References:
- CONFIRM:##URL##
- MISC:##URL## 
-Description: 
- Summary of the issue
- .
- Might be used for requesting a CVE, or included in a DSA
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db
+ MISC:http://groups.google.com/group/linux.kernel/browse_thread/thread/74683bcc8dbf0df3/bf540370894d3de0%23bf540370894d3de0?sa=X&oi=groupsr&start=0&num=3
+Description:
+ Bhavesh P. Davda reported a race condition that exists in Linux 2.6 kernels prior to
+ 2.6.13 and 2.6.12.6.  A deadlock can occur when a SIGKILL signal is sent to a real-time
+ threaded process that is dumping core, which can be used by a local user to initiate
+ a denial of service attack.
 Notes:
- Notes for internal use by the kernel team
-Bug: 123456, 123457
-## per-tree status.
-##  pending: fix has been committed to svn
-##  released: we've cut a version with this fix in it
-##  needed: bug is applicable to this tree and needs a fix
-##  An empty value means that someone needs to determine the relevancy for this tree
-## 
-##
-## status maybe followed by a version string in ()'s, and/or a patchname in []'s
-## Prerequisite patches maybe listed in [] as well, even though they may not be
-## directly part of the fix.
-upstream: released (2.6.12, 2.4.29-rc3), pending (2.6.11.3)
-2.6.13: pending
-2.6.12: pending (2.6.12-9)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [patchname.patch, prerequisite.dpatch, prerequisite2.dpatch]
-2.4.27-sarge-security: needed
+ handle_stop_signal() in 2.4 looks significantly different, and since this bug
+ is associated with NPTL, I don't think we ned to worry about in 2.4.
+Bug:
+upstream: released (2.6.12.6, 2.6.13)
+2.6.14: N/A
+2.6.8-sarge-security: pending (2.6.8-16sarge2) [nptl-signal-delivery-deadlock-fix.dpatch]
+2.6.8: needed
+2.4.27-sarge-security: N/A
 2.4.27: N/A
-
-
-## Should released tag be renamed to fixed?

More information about the Kernel-svn-changes mailing list