[kernel] r6635 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Sat May 20 06:21:28 UTC 2006
Author: dannf
Date: Sat May 20 06:21:26 2006
New Revision: 6635
Modified:
patch-tracking/CVE-2006-1342
patch-tracking/CVE-2006-1343
Log:
corrections for 1342 & 1343
Modified: patch-tracking/CVE-2006-1342
==============================================================================
--- patch-tracking/CVE-2006-1342 (original)
+++ patch-tracking/CVE-2006-1342 Sat May 20 06:21:26 2006
@@ -9,12 +9,14 @@
potentially sensitive memory.
Notes:
jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed
- troyh> This isn't fixed upstream in 2.6 yet, at least not in the same way as 2.4
+ dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch;
+ however we actually coincidentally already fixed 1343 in the
+ 043_ipsec.diff patch
Bugs:
-upstream:
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security: pending (2.4.27-10sarge3)
+upstream: released (2.4.33-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
2.4.27: needed
2.4.19-woody-security:
2.4.18-woody-security:
Modified: patch-tracking/CVE-2006-1343
==============================================================================
--- patch-tracking/CVE-2006-1343 (original)
+++ patch-tracking/CVE-2006-1343 Sat May 20 06:21:26 2006
@@ -8,11 +8,12 @@
getsockopt function with SO_ORIGINAL_DST, which allows local users to
obtain portions of potentially sensitive memory.
Notes:
+ troyh> This isn't fixed upstream in 2.6 yet, at least not in the same way as 2.4
Bugs:
upstream:
linux-2.6:
2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.4.27-sarge-security: pending (2.4.27-10sarge3)
2.4.27:
2.4.19-woody-security:
2.4.18-woody-security:
More information about the Kernel-svn-changes
mailing list