[kernel] r5233 - patch-tracking

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Jan 4 13:13:05 UTC 2006 

Author: jmm-guest
Date: Wed Jan  4 13:13:04 2006
New Revision: 5233

Added:
   patch-tracking/sdla_capability_check
Modified:
   patch-tracking/CVE-2004-2607
Log:
A wrong fix has been merged for CVE-2004-2607


Modified: patch-tracking/CVE-2004-2607
==============================================================================
--- patch-tracking/CVE-2004-2607	(original)
+++ patch-tracking/CVE-2004-2607	Wed Jan  4 13:13:04 2006
@@ -8,12 +8,13 @@
  jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
  jmm> be double-checked against the source though, but my bandwidth is currently
  jmm> too slim to download 2.6.8
- jmm> I've requested a CVE assignment
+ jmm>
+ jmm> The fix below is for a completely different issue, I've split it out
 Bugs: 
 upstream: released (2.4.29-rc2)
 linux-2.6: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
+2.4.27-sarge-security: 
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 

Added: patch-tracking/sdla_capability_check
==============================================================================
--- (empty file)
+++ patch-tracking/sdla_capability_check	Wed Jan  4 13:13:04 2006
@@ -0,0 +1,30 @@
+Candidate: needed
+References: 
+Description: 
+Notes: 
+ jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8:
+ jmm> 
+ jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c
+ jmm> --- a/drivers/net/wan/sdla.c    2005-01-13 08:41:42 -08:00
+ jmm> +++ b/drivers/net/wan/sdla.c    2005-01-13 08:41:42 -08:00
+ jmm> @@ -1300,6 +1300,8 @@
+ jmm>
+ jmm>                case SDLA_WRITEMEM:
+ jmm>                case SDLA_READMEM:
+ jmm> +                       if(!capable(CAP_SYS_RAWIO))
+ jmm> +                               return -EPERM;
+ jmm>                         return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM));
+ jmm> 
+ jmm>                case SDLA_START:
+Bugs: 
+upstream: 
+linux-2.6:
+2.6.8-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
+2.6.8: 
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64:

More information about the Kernel-svn-changes mailing list