r4351 - in people: . micah

Micah Anderson micah at costa.debian.org
Fri Oct 7 13:58:08 UTC 2005 

Author: micah
Date: 2005-10-07 13:58:07 +0000 (Fri, 07 Oct 2005)
New Revision: 4351

Added:
   people/micah/
   people/micah/pending_CVE_requests
Log:
Added pending CVE list


Added: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-07 13:04:43 UTC (rev 4350)
+++ people/micah/pending_CVE_requests	2005-10-07 13:58:07 UTC (rev 4351)
@@ -0,0 +1,63 @@
+waiting on dannf:
+A local denial of service was discovered in the ptrace code for ia64 in
+linux-2.6.8 enabling unprivledged users to trigger an oops when
+CONFIG_PREEMPT is enabled in the kernel configuration.
+
+from 2.6.8-16sarge1:
+  * fs-exec-posix-timers-leak-1.dpatch,
+    [Security] fs-exec-posix-timers-leak-2.dpatch
+    Make exec clean up posix timers.
+M: dannf tracked
+
+  * net-bridge-forwarding-poison-2.dpatch,
+    net-bridge-forwarding-poison-2.dpatch:
+    [Security] Avoid poisoning of the bridge forwarding table by frames that
+    have been dropped by filtering. This prevents spoofed source addresses on
+    hostile side of bridge from causing packet leakage, a small but possible
+    security risk.
+M: dannf tracked
+
+  * [Security] net-rose-ndigis-verify.dpatch
+    Verify ndigis argument of a new route.
+M: dannf tracked
+
+  * sound-usb-usbaudio-unplug-oops.dpatch
+    [Security] Prevent oops & dead keyboard on usb unplugging while the device
+    is being used.
+M: dannf tracked
+
+  * net-ipv4-ipvs-conn_tab-race.dpatch
+    [Security] Fix race condition on ip_vs_conn_tab list modification
+M: dannf tracked
+
+  * asm-i386-mem-clobber.dpatch:
+    Make sure netlink_autobind() propagates the error return from
+    netlink_insert().  Otherwise, callers will not see the error as they
+    should and thus try to operate on a socket with a zero pid, which is very
+    bad.
+M: dannf tracked
+
+  * arch-ia64-ptrace-getregs-putregs.dpatch
+    [Security, ia64] Fix unchecked user-memory accesses in ptrage_getregs()
+    and ptrace_setregs.
+M: dannf tracked
+
+  [ dann frazier ]
+  * Merge in applicable fixes from 2.6.12.3
+     - [Security] ppc32-time_offset-misuse.dpatch
+M: dannf tracked
+
+  * Merge in applicable fixes from 2.6.12.4
+     - [Security] netfilter-NAT-memory-corruption.dpatch
+M: dannf tracked
+
+     - [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
+M: dannf tracked
+
+     - [Security] sys_get_thread_area-leak.dpatch
+M: dannf tracked
+
+  [ Simon Horman ]
+  * fs_ext2_ext3_xattr-sharing.dpatch
+    [Security] Xattr sharing bug
+    See http://lists.debian.org/debian-kernel/2005/08/msg00238.html

More information about the Kernel-svn-changes mailing list