[kernel-sec-discuss] r988 - active

jmm at alioth.debian.org jmm at alioth.debian.org
Wed Oct 3 16:38:35 UTC 2007


Author: jmm
Date: 2007-10-03 16:38:35 +0000 (Wed, 03 Oct 2007)
New Revision: 988

Modified:
   active/CVE-2006-5755
   active/CVE-2007-4133
   active/CVE-2007-4573
   active/CVE-2007-5093
Log:
fixes from latest DSA


Modified: active/CVE-2006-5755
===================================================================
--- active/CVE-2006-5755	2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2006-5755	2007-10-03 16:38:35 UTC (rev 988)
@@ -18,10 +18,11 @@
  jmm> http://www.mail-archive.com/kgdb-bugreport@lists.sourceforge.net/msg00559.html
  dannf> marking sarge/2.4 N/A since we released no sarge/2.4/amd64 kernel
  dannf> ignoring for sarge7 because backport is non-trivial
+ jmm> Affects xen
 Bugs: 
 upstream: released (2.6.18)
 linux-2.6: released (2.6.18-1)
-2.6.18-etch-security: N/A
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4)
 2.6.8-sarge-security: ignored (2.6.8-16sarge7)
 2.4.27-sarge-security: N/A
 2.6.12-breezy-security: released (2.6.12-10.43)

Modified: active/CVE-2007-4133
===================================================================
--- active/CVE-2007-4133	2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2007-4133	2007-10-03 16:38:35 UTC (rev 988)
@@ -8,7 +8,7 @@
 Bugs: 
 upstream: 
 linux-2.6: 
-2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: 

Modified: active/CVE-2007-4573
===================================================================
--- active/CVE-2007-4573	2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2007-4573	2007-10-03 16:38:35 UTC (rev 988)
@@ -7,10 +7,11 @@
  emulation in x86_64 kernels did not correctly clear the high bits of
  registers.  Local attackers could exploit this to gain root privileges.
 Notes: 
+ jmm> Fix in etch3 didn't fix the problem for Xen guests
 Bugs: 
 upstream: released (2.6.22.7)
 linux-2.6: 
-2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/amd64-zero-extend-32bit-ptrace.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/amd64-zero-extend-32bit-ptrace.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: released (2.6.15-29.59)

Modified: active/CVE-2007-5093
===================================================================
--- active/CVE-2007-5093	2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2007-5093	2007-10-03 16:38:35 UTC (rev 988)
@@ -19,7 +19,7 @@
 Bugs: 
 upstream: 
 linux-2.6: 
-2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: 




More information about the kernel-sec-discuss mailing list