[kernel] r12747 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Feb 10 06:28:02 UTC 2009 

Author: dannf
Date: Tue Feb 10 06:28:01 2009
New Revision: 12747

Log:
* dell_rbu: use scnprintf instead of less secure sprintf
   - bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
  See CVE-2009-0322

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
      - copied, changed from r12745, /dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/24etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Feb 10 06:28:01 2009
@@ -15,8 +15,11 @@
   * security: introduce missing kfree
      - bugfix/all/security-keyctl-missing-kfree.patch
     See CVE-2009-0031
+  * dell_rbu: use scnprintf instead of less secure sprintf
+     - bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
+    See CVE-2009-0322
 
- -- dann frazier <dannf at debian.org>  Mon, 09 Feb 2009 23:19:02 -0700
+ -- dann frazier <dannf at debian.org>  Mon, 09 Feb 2009 23:25:32 -0700
 
 linux-2.6 (2.6.18.dfsg.1-24) stable; urgency=high
 

Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch (from r12745, /dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch)
==============================================================================
--- /dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch	(original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch	Tue Feb 10 06:28:01 2009
@@ -11,12 +11,12 @@
     Signed-off-by: Pavel Roskin <proski at gnu.org>
     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
 
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
 
-diff -urpN linux-source-2.6.26.orig/drivers/firmware/dell_rbu.c linux-source-2.6.26/drivers/firmware/dell_rbu.c
---- linux-source-2.6.26.orig/drivers/firmware/dell_rbu.c	2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/drivers/firmware/dell_rbu.c	2009-02-09 21:44:12.000000000 -0700
-@@ -598,7 +598,7 @@ static ssize_t read_rbu_image_type(struc
+diff -urpN linux-source-2.6.18.orig/drivers/firmware/dell_rbu.c linux-source-2.6.18/drivers/firmware/dell_rbu.c
+--- linux-source-2.6.18.orig/drivers/firmware/dell_rbu.c	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/drivers/firmware/dell_rbu.c	2009-02-09 23:23:28.000000000 -0700
+@@ -596,7 +596,7 @@ static ssize_t read_rbu_image_type(struc
  {
  	int size = 0;
  	if (!pos)
@@ -25,7 +25,7 @@
  	return size;
  }
  
-@@ -670,7 +670,7 @@ static ssize_t read_rbu_packet_size(stru
+@@ -666,7 +666,7 @@ static ssize_t read_rbu_packet_size(stru
  	int size = 0;
  	if (!pos) {
  		spin_lock(&rbu_data.lock);

Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1	Tue Feb 10 06:28:01 2009
@@ -54,3 +54,4 @@
 + bugfix/all/CVE-2009-0029/0090-i386-remove-sys_pipe-proto.patch
 + bugfix/all/CVE-2009-0029/0091-avoid-abi-change.patch
 + bugfix/all/security-keyctl-missing-kfree.patch
++ bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch

More information about the Kernel-svn-changes mailing list