[kernel] r5662 - patch-tracking
Simon Horman
horms at costa.debian.org
Wed Feb 1 03:49:58 UTC 2006
Author: horms
Date: Wed Feb 1 03:49:57 2006
New Revision: 5662
Modified:
patch-tracking/CVE-2004-0813
Log:
I'm pretty sure CVE-2004-0813 is fixed in all our 2.6 kernels. And I'm not convinced it is applicable to our 2.4 kernels.
Modified: patch-tracking/CVE-2004-0813
==============================================================================
--- patch-tracking/CVE-2004-0813 (original)
+++ patch-tracking/CVE-2004-0813 Wed Feb 1 03:49:57 2006
@@ -11,10 +11,18 @@
dannf> RedHat is still vulnerable, but there has been recent activity:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133098
dannf> I wonder if one of the patches listed for CVE-2004-1190 fixes this?
+ horms> I'm pretty sure this is fixed by the series of patches for SG_IO
+ added upstream in 2.6.8 and the immediately following period.
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=300162
+ That should clean things up for 2.6.
+ 2.4 doesn't suffer this problem exactly, unless
+ the permisions of /dev/sg* are botched.
+ Alan Cox seems to think that is bad, but I'm not so sure.
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133098
Bugs:
-upstream:
-linux-2.6:
-2.6.8-sarge-security:
+upstream: fixed (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: fixed (2.6.8-14)
2.4.27-sarge-security:
2.4.19-woody-security:
2.4.18-woody-security:
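Review bot: The new status lines `upstream: fixed (2.6.10)` and `2.6.8-sarge-security: fixed (2.6.8-14)` are recorded as settled, but the horms> note that supports them only says "pretty sure" and points at "the series of patches for SG_IO" without naming a patch or changeset, so a later reader cannot verify that the fix is actually in 2.6.8-14. Suggest naming the specific patch(es) in the note. The three 2.4 entries are left blank even though the note reasons that 2.4 is only exposed when the permissions of /dev/sg* are wrong; record that open question against those lines so they do not read as untriaged, and say why `linux-2.6` is N/A. Minor: the Red Hat bugzilla URL added at the end of the note duplicates the one already in the context line above it, and "permisions" should be "permissions".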