r4477 - people/micah
Dann Frazier
dannf at costa.debian.org
Sun Oct 16 16:19:03 UTC 2005
Author: dannf
Date: 2005-10-16 16:19:02 +0000 (Sun, 16 Oct 2005)
New Revision: 4477
Modified:
people/micah/pending_CVE_requests
Log:
looks like we smooshed two different patches together; fix & update autobind issue
Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests 2005-10-16 15:58:34 UTC (rev 4476)
+++ people/micah/pending_CVE_requests 2005-10-16 16:19:02 UTC (rev 4477)
@@ -86,11 +86,6 @@
URL: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
* asm-i386-mem-clobber.dpatch:
-Draft CVE text:
- Make sure netlink_autobind() propagates the error return from
- netlink_insert(). Otherwise, callers will not see the error as they
- should and thus try to operate on a socket with a zero pid, which is very
- bad.
URL: http://lkml.org/lkml/2005/6/27/348
URL: http://linux.bkbits.net:8080/linux-2.6/cset@1.3349?nav=index.html|src/|src/include|src/include/asm-i386|related/include/asm-i386/string.h
TODO: CVE text
@@ -99,6 +94,15 @@
TODO: Fixed in Upstream 2.6.12.2
+* net-netlink-autobind-return.dpatch
+Draft CVE text:
+ Make sure netlink_autobind() propagates the error return from
+ netlink_insert(). Otherwise, callers will not see the error as they
+ should and thus try to operate on a socket with a zero pid, which is very
+ bad.
+TODO: How is this a security issue?
+dannf> I don't think it is
+
* arch-ia64-ptrace-getregs-putregs.dpatch
[Security, ia64] Fix unchecked user-memory accesses in ptrage_getregs()
and ptrace_setregs.
More information about the Kernel-svn-changes
mailing list