[kernel] r8563 - in dists/etch/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Fri May 4 21:16:53 UTC 2007 

Author: dannf
Date: Fri May  4 21:16:53 2007
New Revision: 8563

Added:
   dists/etch/linux-2.6/debian/patches/bugfix/netlink-infinite-recursion.patch
      - copied unchanged from r8562, releases/linux-2.6/2.6.18.dfsg.1-12etch2/debian/patches/bugfix/netlink-infinite-recursion.patch
   dists/etch/linux-2.6/debian/patches/bugfix/nf_conntrack-set-nfctinfo.patch
      - copied unchanged from r8562, releases/linux-2.6/2.6.18.dfsg.1-12etch2/debian/patches/bugfix/nf_conntrack-set-nfctinfo.patch
   dists/etch/linux-2.6/debian/patches/bugfix/nfnetlink_log-null-deref.patch
      - copied unchanged from r8562, releases/linux-2.6/2.6.18.dfsg.1-12etch2/debian/patches/bugfix/nfnetlink_log-null-deref.patch
   dists/etch/linux-2.6/debian/patches/bugfix/nl_fib_lookup-oops.patch
      - copied unchanged from r8562, releases/linux-2.6/2.6.18.dfsg.1-12etch2/debian/patches/bugfix/nl_fib_lookup-oops.patch
   dists/etch/linux-2.6/debian/patches/series/12etch2
      - copied unchanged from r8562, releases/linux-2.6/2.6.18.dfsg.1-12etch2/debian/patches/series/12etch2
Modified:
   dists/etch/linux-2.6/debian/changelog
Log:
merge in 2.6.18.dfsg.1-12etch2

Modified: dists/etch/linux-2.6/debian/changelog
==============================================================================
--- dists/etch/linux-2.6/debian/changelog	(original)
+++ dists/etch/linux-2.6/debian/changelog	Fri May  4 21:16:53 2007
@@ -36,6 +36,24 @@
 
  -- dann frazier <dannf at debian.org>  Tue, 01 May 2007 19:11:48 -0600
 
+linux-2.6 (2.6.18.dfsg.1-12etch2) stable-security; urgency=high
+
+  * bugfix/nfnetlink_log-null-deref.patch
+    [SECURITY] Fix remotely exploitable NULL pointer dereference in
+    nfulnl_recv_config()
+    See CVE-2007-1496
+  * bugfix/nf_conntrack-set-nfctinfo.patch
+    [SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
+    which allows remote attackers to bypass certain rulesets
+    See CVE-2007-1497
+  * bugfix/netlink-infinite-recursion.patch
+    [SECURITY] Fix infinite recursion bug in netlink
+    See CVE-2007-1861
+  * bugfix/nl_fib_lookup-oops.patch
+    Add fix for oops bug added by previous patch
+
+ -- dann frazier <dannf at debian.org>  Tue, 01 May 2007 08:34:18 -0600
+
 linux-2.6 (2.6.18.dfsg.1-12etch1) stable-security; urgency=high
 
   * bugfix/core-dump-unreadable-PT_INTERP.patch

More information about the Kernel-svn-changes mailing list