r4347 - people/horms/patch_notes
Simon Horman
horms at costa.debian.org
Fri Oct 7 10:07:51 UTC 2005
Author: horms
Date: 2005-10-07 10:07:50 +0000 (Fri, 07 Oct 2005)
New Revision: 4347
Modified:
people/horms/patch_notes/2.6.13.1
people/horms/patch_notes/2.6.13.2
people/horms/patch_notes/newcve-2005-09-30
Log:
Everything in newcve-2005-09-30 should now be annotated
Modified: people/horms/patch_notes/2.6.13.1
===================================================================
--- people/horms/patch_notes/2.6.13.1 2005-10-07 08:29:35 UTC (rev 4346)
+++ people/horms/patch_notes/2.6.13.1 2005-10-07 10:07:50 UTC (rev 4347)
@@ -4,6 +4,7 @@
Description: Kconfig: saa7134-dvb must select tda1004x
File: saa7134-dvb-must-select-tda1004x.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: applied
2.6.8-sarge: not applicable; driver not present in 2.6.12
2.6.8-sarge-security: not applicable; see above; not a security patch
@@ -11,6 +12,7 @@
Description: aacraid bad BUG_ON fix
File: aacraid-bad-BUG_ON-fix.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: not applicable; introduced in the variable FIB code that
was introduced between 2.6.12 and 2.6.13. Linus's Git tree
7c00ffa314bf0fb0e23858bbebad33b48b6abbb9
@@ -20,6 +22,7 @@
Description: Fix PCI ROM mapping
File: fix-pci-rom-mapping.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: applied
2.6.8-sarge: not applicable
2.6.8-sarge-security: not applicable; see above; not a security patch
@@ -27,6 +30,7 @@
Description: [i386] pci_assign_unassigned_resources() update
File: pci_assign_unassigned_resources-update.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarge: not applicable; see above
2.6.8-sarge-security: not applicable; see above; not a security patch
@@ -34,6 +38,7 @@
Description: 2.6.13 breaks libpcap (and tcpdump)
File: fix-socket-filter-regression.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: applied rediff
2.6.8-sarge: not applicable;
2.6.8-sarge-security: not applicable; not a security patch
@@ -41,6 +46,7 @@
Description: [SECURITY] Fix boundary check in standard multi-block cipher processors
File: ipsec-oops-fix.patch
Security: Maybe; Could be a local DoS
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
Reference: http://bugzilla.kernel.org/show_bug.cgi?id=5194 (down)
2.6.12: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarge: not applicable; see above
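Review bot: the new 2.6.13 line in the ipsec-oops-fix.patch entry lands between "Security:" and "Reference:", which separates the bugzilla reference from the Security field it qualifies and splits the per-branch status lines. Suggest moving it below "Reference:", directly above the "2.6.12:" line, to match the layout of the other entries.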
@@ -49,6 +55,7 @@
Description: Use SA_SHIRQ in sparc specific code.
File: sparc-request_irq-in-RTC-fix.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: applied
2.6.8-sarge: applied
2.6.8-sarge-security: not a security patch
@@ -56,6 +63,7 @@
Description: Reassembly trim not clearing CHECKSUM_HW
File: ipv4-fragmentation-csum-handling.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
2.6.12: applied
2.6.8-sarge: applied
2.6.8-sarge-security: not a security patch
@@ -64,14 +72,23 @@
See CAN-2005-2490
File: sendmsg-stackoverflow.patch
Security: Yes; CAN-2005-2490
-2.6.12: applied
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
+2.6.13: fixed in 2.6.13-1
+2.6.12: fixed in 2.6.12-7
2.6.8-sarge: applied
-2.6.8-sarge-security: not a security patch
+2.6.8-sarge-security: applied
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
Description: [SECURITY] raw_sendmsg DoS.
See CAN-2005-2492
File: sendmsg-DoS.patch
Security: Yes; CAN-2005-2492
-2.6.12: applied
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
+2.6.13: fixed in 2.6.13-1
+2.6.12: fixed in 2.6.12-7
2.6.8-sarge: not applicable
2.6.8-sarge-security: not applicable
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
+
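Review bot: the CAN-2005-2490 and CAN-2005-2492 entries each gain two 2.6.13 lines, "2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch" followed by "2.6.13: fixed in 2.6.13-1"; drop the second one in both places. The new "2.6.12: fixed in 2.6.12-7" lines also omit the patch names that the newcve-2005-09-30 notes in this same revision record (sendmsg-stackoverflow.patch and sendmsg-DoS.patch), so the two files disagree on level of detail for the same fix.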
Modified: people/horms/patch_notes/2.6.13.2
===================================================================
--- people/horms/patch_notes/2.6.13.2 2005-10-07 08:29:35 UTC (rev 4346)
+++ people/horms/patch_notes/2.6.13.2 2005-10-07 10:07:50 UTC (rev 4347)
@@ -3,14 +3,18 @@
Description: [SECURITY] lost fput in 32bit ioctl on x86-64
File: lost-fput-in-32bit-ioctl-on-x86-64.patch
-Security: Yes; local DoS
-2.6.12: applied
-2.6.8-sarge: applied
-2.6.8-sarge-security: applied
+Security: Yes; local DoS; CAN-2005-3044
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
+2.6.12: fixed in 2.6.12-7: lost-fput-in-32bit-ioctl-on-x86-64.patch
+2.6.8-sarge: in svn: lost-fput-in-32bit-ioctl-on-x86-64.dpatch
+2.6.8-sarge-security: in svn: lost-fput-in-32bit-ioctl-on-x86-64.dpatch
+2.4.27-sid/sarge: code is vulnerable but there is no amd64 for 2.4 in Sarge
+2.4.27-sarge-security: vulnerable but there is no amd64 for 2.4 in Sarge
Description: [SECURITY] lost sockfd_put() in routing_ioctl()
File: lost-sockfd_put-in-32bit-compat-routing_ioctl.patch
Security: Yes; local DoS
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: applied
2.6.8-sarge: applied
2.6.8-sarge-security: applied
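Review bot: the routing_ioctl() entry is missing the CAN-2005-3044 tag that the fput entry above it gains, although the CAN-2005-3044 text in newcve-2005-09-30 covers both "(1) fput in a 32-bit ioctl" and "(2) sockfd_put in the 32-bit routing_ioctl function". Its "Security:" line should carry the same candidate id, and its 2.6.12 and 2.6.8 lines are left as bare "applied" while the sibling entry now names package versions and patch files; the 2.4.27 lines are absent as well.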
@@ -18,6 +22,7 @@
Description: forcedeth: Initialize link settings in every nv_open()
File: forcedeth-init-link-settings-in-nv_open.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: applied
2.6.8-sarge: applied
2.6.8-sarge-security: not a security patch
@@ -25,6 +30,7 @@
Description: hpt366: write the full 4 bytes of ROM address, not just low 1 byte
File: hpt366-write-dword-not-byte-for-ROM-resource.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: not applicable; seems to have been introduced between 2.6.12 and 2.6.13
2.6.8-sarnot applicable; seems to have been introduced between 2.6.12 and 2.6.13ge:
2.6.8-sarge-security: not applicable; seems to have been introduced between 2.6.12 and 2.6.13; not a security patch
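Review bot: the unchanged "2.6.8-sarge:" line of the hpt366 entry is malformed; the status text has been pasted into the middle of the key, leaving "2.6.8-sarnot applicable" at the start and "ge:" at the end. Since this revision touches the entry anyway, repair it to "2.6.8-sarge: not applicable; seems to have been introduced between 2.6.12 and 2.6.13" so that a search for the branch key finds it.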
@@ -32,6 +38,7 @@
Description: Sun GEM ethernet: enable and map PCI ROM properly
File: sungem-enable-and-map-pci-rom-properly.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: applied; #322734
2.6.8-sarge: applied
2.6.8-sarge-security: not a security patch
@@ -39,6 +46,7 @@
Description: Sun HME: enable and map PCI ROM properly
File: sunhme-enable-and-map-pci-rom-properly.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: applied
2.6.8-sarge: applied
2.6.8-sarge-security: not a security patch
@@ -46,6 +54,7 @@
Description: Fix DHCP + MASQUERADE problem
File: netfilter-fix-dhcp-masquerade-problem.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarge: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarge-security: not applicable; introduced between 2.6.12 and 2.6.13; not a security patch
@@ -53,6 +62,7 @@
Description: jfs_delete_inode must call clear_inode
File: jfs_delete_inode-must-call-clear_inode.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarge: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarge-security: not applicable; introduced between 2.6.12 and 2.6.13; not a security patch
@@ -60,6 +70,7 @@
Description: Fix MPOL_F_VERIFY
File: fix-MPOL_F_VERIFY.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: applied; backported to use verify_pages() instead of check_pgd_range()
Alternative is to pre-patch with
91612e0df20a52f61db3cac280c153311b36df7a from upstream,
@@ -70,6 +81,7 @@
Description: Fix up more strange byte writes to the PCI_ROM_ADDRESS config word
File: fix-more-byte-to-dword-writes-to-PCI_ROM_ADDRESS-config-word.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: applied
2.6.8-sarge: applied
2.6.8-sarge-security: not a security patch
@@ -77,6 +89,7 @@
Description: USB: ftdi_sio: custom baud rate fix
File: usb-ftdi_sio-baud-fix.patch
Security: No
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
2.6.12: not applicable; introduced between 2.6.12 and 2.6.13
2.6.8-sarnot applicable; seems to have been introduced between 2.6.12 and 2.6.13ge:
2.6.8-sarge-security: not applicable; seems to have been introduced between 2.6.12 and 2.6.13; not a security patch
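Review bot: the usb-ftdi_sio entry carries the same broken "2.6.8-sarnot applicable ... ge:" line as the hpt366 entry and is left untouched here. It also says "seems to have been introduced" while the 2.6.12 line directly above states "introduced between 2.6.12 and 2.6.13"; pick one wording when fixing the key.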
Modified: people/horms/patch_notes/newcve-2005-09-30
===================================================================
--- people/horms/patch_notes/newcve-2005-09-30 2005-10-07 08:29:35 UTC (rev 4346)
+++ people/horms/patch_notes/newcve-2005-09-30 2005-10-07 10:07:50 UTC (rev 4347)
@@ -19,9 +19,18 @@
before the count is copied from user space to kernel space, which
leads to a buffer overflow.
+Notes by Horms:
+upstream: 2.4.31 / 2.6.6
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: not vulnerable
+2.6.8-sarge-security: not vulnerable
+2.4.27-sid/sarge: fixed in 2.4.27-11: 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
+2.4.27-sarge-security: fixed in 2.4.27-10sarge1: 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
+
======================================================
Candidate: CAN-2005-2548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548
@@ -38,8 +47,17 @@
packets that lead to a function call with the wrong argument, as
demonstrated using snmpwalk on snmpd.
+Notes by Horms:
+upstream: 2.4.29
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: in svn: vlan-mii-ioctl.dpatch
+2.6.8-sarge-security: fixed in 2.6.8-16sarge1: vlan-mii-ioctl.dpatch
+2.4.27-sid/sarge: not vulnerable
+2.4.27-sarge-security: not vulnerable
+
======================================================
Candidate: CAN-2005-2553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2553
@@ -58,8 +76,17 @@
service (kernel crash/oops) by running a 32-bit ltrace program with
the -i option on a 64-bit executable program.
+Notes by Horms:
+upstream: 2.4.29
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: not vulnerable
+2.6.8-sarge-security: not vulnerable
+2.4.27-sid/sarge: in svn: 184_arch-x86_64-ia32-ptrace32-oops.diff
+2.4.27-sarge-security: in svn: 184_arch-x86_64-ia32-ptrace32-oops.diff
+
======================================================
Candidate: CAN-2005-2098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098
@@ -82,8 +109,17 @@
session keyring (1) with an empty name string, (2) with a long name
string, (3) with the key quota reached, or (4) ENOMEM.
+Notes by Horms:
+upstream: 2.6.12.5
+2.6.13: not vulnerable
+2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
+2.6.8-sarge: not vulnerable
+2.6.8-sarge-security: not vulnerable
+2.4.27-sid/sarge: not vulnerable
+2.4.27-sarge-security: not vulnerable
+
======================================================
Candidate: CAN-2005-2099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099
@@ -105,6 +141,14 @@
with a payload that is not empty, which causes the creation to fail,
leading toa null dereference in the keyring destructor.
+Notes by Horms:
+upstream: 2.6.12.5
+2.6.13: not vulnerable
+2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
+2.6.8-sarge: not vulnerable
+2.6.8-sarge-security: not vulnerable
+2.4.27-sid/sarge: not vulnerable
+2.4.27-sarge-security: not vulnerable
======================================================
@@ -129,6 +173,14 @@
cause a denial of service (kernel crash) via a crafted compressed ISO
file system.
+Notes by Horms:
+upstream: 2.6.12.5
+2.6.13: not vulnerable
+2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
+2.6.8-sarge: in svn: zisofs.dpatch
+2.6.8-sarge-security: in svn: zisofs.diff
+2.4.27-sid/sarge: in svn: zisofs-2.diff
+2.4.27-sarge-security: in svn: zisofs-2.diff
======================================================
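Review bot: the two 2.6.8 lines name different files for what should be the same patch, "zisofs.dpatch" for 2.6.8-sarge and "zisofs.diff" for 2.6.8-sarge-security. Every other 2.6.8 entry in this revision uses the .dpatch name on both branches, so confirm which file is actually in svn and make the two lines agree.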
@@ -151,9 +203,19 @@
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
allows remote attackers to cause a denial of service (kernel crash)
via a compressed file with "improper tables".
+y}
+Notes by Horms:
+upstream: 2.6.12.5
+2.6.13: not vulnerable
+2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
+2.6.8-sarge: in svn: linux-zlib-fixes.dpatch
+2.6.8-sarge-security: fixed in 2.6.8-16sarge1: linux-zlib-fixes.dpatch
+2.4.27-sid/sarge: fixed in 2.4.27-11: 182_linux-zlib-fixes.diff
+2.4.27-sarge-security: fixed in 2.4.27-10sarge1: 182_linux-zlib-fixes.diff
+
======================================================
Candidate: CAN-2005-2459
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459
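Review bot: a stray line "y}" is added directly above "Notes by Horms:" in this hunk. It looks like leftover editor keystrokes and should be replaced with the blank separator line used before the other notes blocks.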
@@ -176,9 +238,17 @@
compressed file that leads to a null pointer dereference, a different
vulnerbility than CAN-2005-2458.
+Notes by Horms:
+upstream: not vulnerable (a bogus fix was applied in 2.6.12.5 and reverted in 2.6.12.6)
+http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: not vulnerable
+2.6.8-sarge-security: not vulnerable
+2.4.27-sid/sarge: in svn: not vulnerable
+2.4.27-sarge-security: not vulnerable
-
======================================================
Candidate: CAN-2005-2872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
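Review bot: "2.4.27-sid/sarge: in svn: not vulnerable" mixes two statuses; "in svn:" is used elsewhere only in front of a patch file name. The neighbouring lines all read plain "not vulnerable", so drop the "in svn:" prefix. The hunk also removes the blank line before the "======" separator that the other entries keep.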
@@ -199,8 +269,18 @@
length based on the u_int32_t type, acting on an array of unsigned
long elements, a different vulnerability than CAN-2005-2873.
+Notes by Horms:
+upstream: 2.6.12
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: in svn: net-ipv4-netfilter-ip_recent-last_pkts.dpatch
+2.6.8-sarge-security: in svn: net-ipv4-netfilter-ip_recent-last_pkts.dpatch
+2.4.27-sid/sarge: fixed in 2.4.27-11:179_net-ipv4-netfilter-ip_recent-last_pkts.diff
+2.4.27-sarge-security: in svn: 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
+
+
======================================================
Candidate: CAN-2005-2873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
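Review bot: the 2.4.27-sid/sarge line is missing the space after the second colon ("fixed in 2.4.27-11:179_net-ipv4-netfilter-ip_recent-last_pkts.diff"), which breaks the "status: file" pattern used on every other line. The notes block also ends with two added blank lines where the other entries have one.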
@@ -218,8 +298,17 @@
rules to block too early, a different vulnerability than
CAN-2005-2872.
+Notes by horms:
+No patch that is acceptable upstream is available
+http://lists.debian.org/debian-kernel/2005/09/msg00257.html
+upstream: vulnerable
+2.6.13: vulnerable: #332381
+2.6.12: vulnerable: #332381
+2.6.8-sarge: vulnerable: #332231
+2.6.8-sarge-security: vulnerable: #332231
+2.4.27-sid/sarge: vulnerable: #332228
+2.4.27-sarge-security: vulnerable: #332228
-
======================================================
Candidate: CAN-2005-1913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913
@@ -245,8 +334,14 @@
the signal to be delivered to the old group-leader task, which does
not exist.
+Notes Horms:
+upstream: 2.6.12.1
+2.6.12: fixed in 2.6.12-1: linux-2.6.12.1.patch
+2.6.8-sarge: not applicable
+2.6.8-sarge-security: not applicable
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
-
======================================================
Candidate: CAN-2005-2490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490
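Review bot: the notes block added here has no "2.6.13:" line, while the log message says everything in newcve-2005-09-30 is now annotated and the other entries all state a 2.6.13 status. With "upstream: 2.6.12.1" the expected line is presumably "2.6.13: not vulnerable"; please add it explicitly. The heading is also "Notes Horms:" here versus "Notes by Horms:" and "Notes by horms:" in earlier hunks; settle on one form.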
@@ -272,8 +367,15 @@
by calling sendmsg and modifying the message contents in another
thread.
+Notes Horms:
+upstream: 2.6.13.1
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
+2.6.12: fixed in 2.6.12-7: sendmsg-stackoverflow.patch
+2.6.8-sarge: applied
+2.6.8-sarge-security: applied
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
-
======================================================
Candidate: CAN-2005-2492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2492
@@ -298,8 +400,15 @@
allows local users to cause a denial of service (change hardware
state) or read from arbitrary memory via crafted input.
+Notes Horms:
+upstream: 2.6.13.1
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
+2.6.12: fixed in 2.6.12-7: sendmsg-DoS.patch
+2.6.8-sarge: not applicable
+2.6.8-sarge-security: not applicable
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
-
======================================================
Candidate: CAN-2005-3044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3044
@@ -316,7 +425,17 @@
via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
in the 32-bit routing_ioctl function on 64-bit systems.
+Notes Horms:
+http://lkml.org/lkml/2005/9/30/218
+upstream: 2.6.13.2
+2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
+2.6.12: fixed in 2.6.12-7: lost-fput-in-32bit-ioctl-on-x86-64.patch
+2.6.8-sarge: in svn: lost-fput-in-32bit-ioctl-on-x86-64.dpatch
+2.6.8-sarge-security: in svn: lost-fput-in-32bit-ioctl-on-x86-64.dpatch
+2.4.27-sid/sarge: code is vulnerable but there is no amd64 for 2.4 in Sarge
+2.4.27-sarge-security: vulnerable but there is no amd64 for 2.4 in Sarge
+
======================================================
Candidate: CAN-2005-3053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3053
@@ -332,9 +451,15 @@
allows local users to cause a denial of service (kernel BUG()) via a
negative first argument.
+Notes Horms:
+http://lkml.org/lkml/2005/9/30/218
+upstream: 2.6.12.5
+2.6.12: fixed in 2.6.12-3
+2.6.8-sarge: in svn: mempolicy-check-mode.dpatch
+2.6.8-sarge-security: in svn: mempolicy-check-mode.dpatch
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
-
-
======================================================
Candidate: CAN-2005-3055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3055
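Review bot: this notes block also lacks a "2.6.13:" line, and "2.6.12: fixed in 2.6.12-3" omits the patch name. The other entries fixed upstream in 2.6.12.5 record "fixed in 2.6.12-3: linux-2.6.12.5.patch"; use the same form here if that is the patch that carries the fix.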
@@ -355,10 +480,10 @@
Notes Horms:
http://lkml.org/lkml/2005/9/30/218
upstream: pending
-2.6.13: vulnerable
-2.6.12: vulnerable
-2.6.8-sarge: vulnerable
-2.6.8-sarge-security: vulnerable
+2.6.13: vulnerable: #330287
+2.6.12: vulnerable: #330287
+2.6.8-sarge: vulnerable: #332596
+2.6.8-sarge-security: vulnerable: #332596
2.4.27-sid/sarge: not applicable
2.4.27-sarge-security: not applicable
@@ -388,10 +513,12 @@
Notes from Micah and Horms:
upstream: fixed
+2.6.13: not vulnerable
+2.6.12: not vulnerable
2.6.8-sarge: in svn: mckinley_icache.dpatch
2.6.8-sarge-security: fixed in 2.6.8-16sarge1: mckinley_icache.dpatch
-2.4.27-sid/sarge: vulnerable
-2.4.27-sarge-security: vulnerable
+2.4.27-sid/sarge: vulnerable: #332569
+2.4.27-sarge-security: vulnerable: #332569
======================================================
@@ -417,7 +544,9 @@
http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
Notes from Micah and Horms:
-upstream: fixed
+upstream: 2.6.11
+2.6.13: not vulnerable
+2.6.13: not vulnerable
2.6.8-sarge: in svn: fs-exec-ptrace-core-exec-race.dpatch
2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-exec-ptrace-core-exec-race.dpatch
2.4.27-sid/sarge: not implemented
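Review bot: the two added lines are both "2.6.13: not vulnerable", so the entry ends up with a duplicate 2.6.13 status and no 2.6.12 status. The second line was most likely meant to be "2.6.12: not vulnerable".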
@@ -447,10 +576,12 @@
Notes from Micah and Horms:
upstream: 2.6.11
+2.6.13: not vulnerable
+2.6.13: not vulnerable
2.6.8-sarge: in svn: fs-exec-ptrace-deadlock.dpatch
2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-exec-ptrace-deadlock.dpatch
-2.4.27-sid/sarge: not implemented
-2.4.27-sarge-security: not implemented
+2.4.27-sid/sarge: not vulnerable
+2.4.27-sarge-security: not vulnerable
======================================================
Candidate: CAN-2005-3108
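Review bot: the same doubled "2.6.13: not vulnerable" appears here, again leaving 2.6.12 unannotated. Separately, the 2.4.27 lines change from "not implemented" to "not vulnerable" in this entry while the preceding fs-exec-ptrace-core-exec-race entry keeps "not implemented" for 2.4.27; if the two terms mean the same thing, use one consistently, and if not, say what distinguishes them.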
@@ -474,11 +605,13 @@
Notes from Horms:
Fixed in:
- upstream: 2.6.11.12
- 2.6.8-sarge: applied to svn: arch-x86_64-mm-ioremap-page-lookup.dpatch
- 2.6.8-sarge-security: fixed in 2.6.8-16sarge1: arch-x86_64-mm-ioremap-page-lookup.dpatch
- 2.4.27-sid/sarge: not implemented
- 2.4.27-sarge-security: not implemented
+upstream: 2.6.11.12
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: applied to svn: arch-x86_64-mm-ioremap-page-lookup.dpatch
+2.6.8-sarge-security: fixed in 2.6.8-16sarge1: arch-x86_64-mm-ioremap-page-lookup.dpatch
+2.4.27-sid/sarge: not implemented
+2.4.27-sarge-security: not implemented
======================================================
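Review bot: the "Fixed in:" heading is kept as context, but the de-indented list beneath it now includes "not vulnerable" and "not implemented" lines, which are not fixes. Either drop the heading, as the earlier notes blocks do, or keep the indentation so the list still reads as belonging to it. "not implemented" for 2.4.27 also does not say whether that branch is affected.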
@@ -502,11 +635,13 @@
Notes from Horms:
Fixed in:
- upstream: 2.6.11.12: hfsplus-oops-hfs-leak-fix.patch
- 2.6.8-sarge: applied to svn: fs-hfs-oops-and-leak.dpatch
- 2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-hfs-oops-and-leak.dpatch
- 2.4.27-sid/sarge: asking upstream: http://lkml.org/lkml/2005/10/7/3/index.html
- 2.4.27-sarge-security: asking upstream: http://lkml.org/lkml/2005/10/7/3/index.html
+upstream: 2.6.11.12
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: applied to svn: fs-hfs-oops-and-leak.dpatch
+2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-hfs-oops-and-leak.dpatch
+2.4.27-sid/sarge: asking upstream: http://lkml.org/lkml/2005/10/7/3/index.html
+2.4.27-sarge-security: asking upstream: http://lkml.org/lkml/2005/10/7/3/index.html
======================================================
Candidate: CAN-2005-3110
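Review bot: the upstream line loses information, going from "upstream: 2.6.11.12: hfsplus-oops-hfs-leak-fix.patch" to "upstream: 2.6.11.12". The upstream patch name is useful when backporting to 2.4.27, which this entry still lists as "asking upstream"; suggest keeping it.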
@@ -531,9 +666,11 @@
Notes from Horms:
Fixed in:
- upstream: 2.6.11.11: ebtables-fix-smp-race.patch
- 2.6.8-sarge: not applicable: net-bridge-netfilter-etables-smp-race.dpatch
- 2.6.8-sarge-security: fixed in 2.6.8-16sarge1: net-bridge-netfilter-etables-smp-race.dpatch
- 2.4.27-sid/sarge: not applicable
- 2.4.27-sarge-security: not applicable
+upstream: 2.6.11.11
+2.6.13: not vulnerable
+2.6.12: not vulnerable
+2.6.8-sarge: not applicable: net-bridge-netfilter-etables-smp-race.dpatch
+2.6.8-sarge-security: fixed in 2.6.8-16sarge1: net-bridge-netfilter-etables-smp-race.dpatch
+2.4.27-sid/sarge: not applicable
+2.4.27-sarge-security: not applicable
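Review bot: "2.6.8-sarge: not applicable: net-bridge-netfilter-etables-smp-race.dpatch" is carried over unchanged in substance and contradicts the next line, which records the same dpatch as "fixed in 2.6.8-16sarge1" for 2.6.8-sarge-security. A status of "not applicable" should not name a patch; this probably wants "applied to svn:" like the two entries above. The upstream patch name ebtables-fix-smp-race.patch is also dropped from the "upstream:" line.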