r4589 - people/horms/patch_notes/cve
Micah Anderson
micah at costa.debian.org
Fri Oct 21 18:02:20 UTC 2005
Author: micah
Date: 2005-10-21 18:02:20 +0000 (Fri, 21 Oct 2005)
New Revision: 4589
Added:
people/horms/patch_notes/cve/fs_ext2_ext3_xattr-sharing.dpatch
Log:
Added patch for CVE-2005-2801
Added: people/horms/patch_notes/cve/fs_ext2_ext3_xattr-sharing.dpatch
===================================================================
--- people/horms/patch_notes/cve/fs_ext2_ext3_xattr-sharing.dpatch 2005-10-21 17:58:14 UTC (rev 4588)
+++ people/horms/patch_notes/cve/fs_ext2_ext3_xattr-sharing.dpatch 2005-10-21 18:02:20 UTC (rev 4589)
@@ -0,0 +1,20 @@
+======================================================
+Candidate: CVE-2005-2801
+URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
+Reference: MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
+Reference: URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
+Reference: MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel.
+Reference: URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
+Reference: SUSE:SUSE-SA:2005:018
+Reference: URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description:
+ xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6
+ does not properly compare the name_index fields when sharing xattr
+ blocks, which could prevent default ACLs from being applied.
+
+Bug: [id, id, ...]
+fixed-upstream: [2.6.11]
+2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
+2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
+2.6.8-sarge-security: (pending [(2.6.8-16sarge2)]|released [(2.6.8-16-sarge1)])[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
+2.4.27-sarge-security: (N/A)
More information about the Kernel-svn-changes
mailing list