[kernel] r6865 - patch-tracking

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Jun 22 07:09:52 UTC 2006 

Author: jmm-guest
Date: Thu Jun 22 07:09:49 2006
New Revision: 6865

Modified:
   patch-tracking/CVE-2006-1343
   patch-tracking/CVE-2006-1528
   patch-tracking/CVE-2006-2275
   patch-tracking/CVE-2006-2444
   patch-tracking/CVE-2006-2445
   patch-tracking/CVE-2006-2448
   patch-tracking/CVE-2006-3085

Log:
more updates


Modified: patch-tracking/CVE-2006-1343
==============================================================================
--- patch-tracking/CVE-2006-1343	(original)
+++ patch-tracking/CVE-2006-1343	Thu Jun 22 07:09:49 2006
@@ -13,7 +13,7 @@
  jmm> It's now fixed upstream in 2.6 as well, let's include it in sarge4
 Bugs: 
 upstream: released (2.4.33-pre3), released (2.6.16.19)
-linux-2.6: 
+linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: ignored (2.6.8-16sarge3)
 2.4.27-sarge-security: released (2.4.27-10sarge3)
 2.4.19-woody-security: 

Modified: patch-tracking/CVE-2006-1528
==============================================================================
--- patch-tracking/CVE-2006-1528	(original)
+++ patch-tracking/CVE-2006-1528	Thu Jun 22 07:09:49 2006
@@ -1,10 +1,15 @@
-Candidate: 
+Candidate: CVE-2006-1528 
 References: 
-Description: 
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168791 
+ http://linux.bkbits.net:8080/linux-2.6/cset@43220081yu9ClBQNuqSSnW_9amW7iQ 
+ http://marc.theaimsgroup.com/?l=linux-scsi&m=112540053711489&w=2
+Description:
+ Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via
+ a dio transfer from the sg driver to memory mapped (mmap) IO space. 
 Notes: 
 Bugs: 
-upstream: 
-linux-2.6:
+upstream: released (2.6.13) 
+linux-2.6: released (2.6.13-1)
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.4.27:

Modified: patch-tracking/CVE-2006-2275
==============================================================================
--- patch-tracking/CVE-2006-2275	(original)
+++ patch-tracking/CVE-2006-2275	Thu Jun 22 07:09:49 2006
@@ -8,12 +8,13 @@
  enough, which leads to "spillover of the receive buffer."
 Notes: 
  jmm> Seems like an ABI-breaker, the sctp_chunk struct is changed in the
- jmm> upstream fix
+ jmm> upstream fix, this issue alone is not worth an ABI bump, a fix will
+ jmm> be postponed for now
 Bugs: 
 upstream: released (2.6.16.15)
 linux-2.6: released (2.6.16-13)
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.6.8-sarge-security: ignored (2.6.8-16sarge4) 
+2.4.27-sarge-security: ignored (2.4.27-10sarge4)
 2.4.27:
 2.4.19-woody-security: 
 2.4.18-woody-security: 

Modified: patch-tracking/CVE-2006-2444
==============================================================================
--- patch-tracking/CVE-2006-2444	(original)
+++ patch-tracking/CVE-2006-2444	Thu Jun 22 07:09:49 2006
@@ -4,7 +4,7 @@
 Notes: 
 Bugs: 
 upstream: released (2.6.16.18)
-linux-2.6:
+linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.4.27:

Modified: patch-tracking/CVE-2006-2445
==============================================================================
--- patch-tracking/CVE-2006-2445	(original)
+++ patch-tracking/CVE-2006-2445	Thu Jun 22 07:09:49 2006
@@ -9,7 +9,7 @@
  jmm> 2.6.8 most probably not affected, but there was a reproducer posted to vendor-sec, should be double-checked
 Bugs: 
 upstream: 
-linux-2.6:
+linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.4.27:

Modified: patch-tracking/CVE-2006-2448
==============================================================================
--- patch-tracking/CVE-2006-2448	(original)
+++ patch-tracking/CVE-2006-2448	Thu Jun 22 07:09:49 2006
@@ -4,8 +4,8 @@
 Description: 
 Notes: 
 Bugs: 
-upstream: 
-linux-2.6:
+upstream: released (2.6.16.21)
+linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.4.27:

Modified: patch-tracking/CVE-2006-3085
==============================================================================
--- patch-tracking/CVE-2006-3085	(original)
+++ patch-tracking/CVE-2006-3085	Thu Jun 22 07:09:49 2006
@@ -1,9 +1,9 @@
-Candidate: 
+Candidate: CVE-2006-3085
 References: 
 Description: 
 Notes: 
 Bugs: 
-upstream: 
-linux-2.6:
+upstream: released (2.6.16.21)
+linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: 
 2.4.27-sarge-security:
\ No newline at end of file

More information about the Kernel-svn-changes mailing list