[kernel] r6865 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Jun 22 07:09:52 UTC 2006
Author: jmm-guest
Date: Thu Jun 22 07:09:49 2006
New Revision: 6865
Modified:
patch-tracking/CVE-2006-1343
patch-tracking/CVE-2006-1528
patch-tracking/CVE-2006-2275
patch-tracking/CVE-2006-2444
patch-tracking/CVE-2006-2445
patch-tracking/CVE-2006-2448
patch-tracking/CVE-2006-3085
Log:
more updates
Modified: patch-tracking/CVE-2006-1343
==============================================================================
--- patch-tracking/CVE-2006-1343 (original)
+++ patch-tracking/CVE-2006-1343 Thu Jun 22 07:09:49 2006
@@ -13,7 +13,7 @@
jmm> It's now fixed upstream in 2.6 as well, let's include it in sarge4
Bugs:
upstream: released (2.4.33-pre3), released (2.6.16.19)
-linux-2.6:
+linux-2.6: released (2.6.16-15)
2.6.8-sarge-security: ignored (2.6.8-16sarge3)
2.4.27-sarge-security: released (2.4.27-10sarge3)
2.4.19-woody-security:
Modified: patch-tracking/CVE-2006-1528
==============================================================================
--- patch-tracking/CVE-2006-1528 (original)
+++ patch-tracking/CVE-2006-1528 Thu Jun 22 07:09:49 2006
@@ -1,10 +1,15 @@
-Candidate:
+Candidate: CVE-2006-1528
References:
-Description:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168791
+ http://linux.bkbits.net:8080/linux-2.6/cset@43220081yu9ClBQNuqSSnW_9amW7iQ
+ http://marc.theaimsgroup.com/?l=linux-scsi&m=112540053711489&w=2
+Description:
+ Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via
+ a dio transfer from the sg driver to memory mapped (mmap) IO space.
Notes:
Bugs:
-upstream:
-linux-2.6:
+upstream: released (2.6.13)
+linux-2.6: released (2.6.13-1)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.4.27:
Modified: patch-tracking/CVE-2006-2275
==============================================================================
--- patch-tracking/CVE-2006-2275 (original)
+++ patch-tracking/CVE-2006-2275 Thu Jun 22 07:09:49 2006
@@ -8,12 +8,13 @@
enough, which leads to "spillover of the receive buffer."
Notes:
jmm> Seems like an ABI-breaker, the sctp_chunk struct is changed in the
- jmm> upstream fix
+ jmm> upstream fix, this issue alone is not worth an ABI bump, a fix will
+ jmm> be postponed for now
Bugs:
upstream: released (2.6.16.15)
linux-2.6: released (2.6.16-13)
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.6.8-sarge-security: ignored (2.6.8-16sarge4)
+2.4.27-sarge-security: ignored (2.4.27-10sarge4)
2.4.27:
2.4.19-woody-security:
2.4.18-woody-security:
Modified: patch-tracking/CVE-2006-2444
==============================================================================
--- patch-tracking/CVE-2006-2444 (original)
+++ patch-tracking/CVE-2006-2444 Thu Jun 22 07:09:49 2006
@@ -4,7 +4,7 @@
Notes:
Bugs:
upstream: released (2.6.16.18)
-linux-2.6:
+linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.4.27:
Modified: patch-tracking/CVE-2006-2445
==============================================================================
--- patch-tracking/CVE-2006-2445 (original)
+++ patch-tracking/CVE-2006-2445 Thu Jun 22 07:09:49 2006
@@ -9,7 +9,7 @@
jmm> 2.6.8 most probably not affected, but there was a reproducer posted to vendor-sec, should be double-checked
Bugs:
upstream:
-linux-2.6:
+linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.4.27:
Modified: patch-tracking/CVE-2006-2448
==============================================================================
--- patch-tracking/CVE-2006-2448 (original)
+++ patch-tracking/CVE-2006-2448 Thu Jun 22 07:09:49 2006
@@ -4,8 +4,8 @@
Description:
Notes:
Bugs:
-upstream:
-linux-2.6:
+upstream: released (2.6.16.21)
+linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.4.27:
Modified: patch-tracking/CVE-2006-3085
==============================================================================
--- patch-tracking/CVE-2006-3085 (original)
+++ patch-tracking/CVE-2006-3085 Thu Jun 22 07:09:49 2006
@@ -1,9 +1,9 @@
-Candidate:
+Candidate: CVE-2006-3085
References:
Description:
Notes:
Bugs:
-upstream:
-linux-2.6:
+upstream: released (2.6.16.21)
+linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
2.4.27-sarge-security:
\ No newline at end of file
More information about the Kernel-svn-changes
mailing list