[kernel-sec-discuss] r1388 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue May 19 09:26:29 UTC 2009
Author: jmm
Date: 2009-05-19 09:26:29 +0000 (Tue, 19 May 2009)
New Revision: 1388
Added:
retired/CVE-2008-3272
retired/CVE-2008-3528
retired/CVE-2008-4113
retired/CVE-2008-4445
Removed:
active/CVE-2008-3272
active/CVE-2008-3528
active/CVE-2008-4113
active/CVE-2008-4445
Modified:
active/CVE-2008-4554
active/CVE-2008-4576
active/CVE-2008-4933
active/CVE-2008-4934
active/CVE-2008-5025
active/CVE-2008-5182
retired/CVE-2008-3275
Log:
add upstream status, retire issues
Deleted: active/CVE-2008-3272
===================================================================
--- active/CVE-2008-3272 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-3272 2009-05-19 09:26:29 UTC (rev 1388)
@@ -1,16 +0,0 @@
-Candidate: CVE-2008-3272
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.25.15, 2.6.26.2, 2.6.27-rc2)
-linux-2.6: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch]
-2.6.26-lenny-security: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
-2.6.15-dapper-security: released (2.6.15-52.71)
-2.6.20-feisty-security: released (2.6.20-17.39)
-2.6.22-gutsy-security: released (2.6.22-15.58)
-2.6.24-hardy-security: released (2.6.24-19.41)
-2.6.27-intrepid-security: released (2.6.27-2.3)
Deleted: active/CVE-2008-3528
===================================================================
--- active/CVE-2008-3528 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-3528 2009-05-19 09:26:29 UTC (rev 1388)
@@ -1,24 +0,0 @@
-Candidate: CVE-2008-3528
-Description:
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=459577
- http://lkml.org/lkml/2008/9/13/98
- http://lkml.org/lkml/2008/9/13/99
- http://lkml.org/lkml/2008/9/17/371
- cdbf6dba28e8e6268c8420857696309470009fd9
- bd39597cbd42a784105a04010100e27267481c67
- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74
-Ubuntu-Description:
-Notes:
- dannf> very minor
-Bugs:
-upstream:
-linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/ext2-avoid-corrupted-directory-printk-floods.patch, bugfix/ext3-avoid-corrupted-directory-printk-floods.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/ext2-avoid-corrupted-directory-printk-floods.patch, bugfix/ext3-avoid-corrupted-directory-printk-floods.patch]
-2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
-2.6.15-dapper-security: ignored (negligible)
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: ignored (negligible)
-2.6.24-hardy-security: ignored (negligible)
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4113
===================================================================
--- active/CVE-2008-4113 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-4113 2009-05-19 09:26:29 UTC (rev 1388)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-4113
-Description:
-References:
- http://marc.info/?l=linux-sctp&m=121986743009093&w=2
- http://marc.info/?l=linux-sctp&m=121986743209110&w=2
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.26.4)
-linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.6) [bugfix/sctp-fix-random-memory-dereference-with-SCTP_HMAC_I.patch]
-2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: released (2.6.24-21.43)
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4445
===================================================================
--- active/CVE-2008-4445 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-4445 2009-05-19 09:26:29 UTC (rev 1388)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-4445
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=d97240552cd98c4b07322f30f66fd9c3ba4171de
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.26.4)
-linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.6) [bugfix/sctp-fix-random-memory-dereference-with-SCTP_HMAC_I.patch]
-2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: released (2.6.24-21.43)
-2.6.27-intrepid-security: N/A
Modified: active/CVE-2008-4554
===================================================================
--- active/CVE-2008-4554 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-4554 2009-05-19 09:26:29 UTC (rev 1388)
@@ -6,7 +6,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
+upstream: released (2.6.27)
linux-2.6: released (2.6.26-9) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
Modified: active/CVE-2008-4576
===================================================================
--- active/CVE-2008-4576 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-4576 2009-05-19 09:26:29 UTC (rev 1388)
@@ -6,7 +6,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
+upstream: released (2.6.27)
linux-2.6: released (2.6.26-9) [bugfix/all/stable/2.6.26.6.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch]
Modified: active/CVE-2008-4933
===================================================================
--- active/CVE-2008-4933 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-4933 2009-05-19 09:26:29 UTC (rev 1388)
@@ -6,7 +6,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
+upstream: released (2.6.28)
linux-2.6: released (2.6.26-11) [bugfix/all/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
Modified: active/CVE-2008-4934
===================================================================
--- active/CVE-2008-4934 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-4934 2009-05-19 09:26:29 UTC (rev 1388)
@@ -6,7 +6,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
+upstream: released (2.6.28)
linux-2.6: released (2.6.26-11) [bugfix/all/hfsplus-check_read_mapping_page-return-value.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfsplus-check_read_mapping_page-return-value.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfsplus-check_read_mapping_page-return-value.patch]
Modified: active/CVE-2008-5025
===================================================================
--- active/CVE-2008-5025 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-5025 2009-05-19 09:26:29 UTC (rev 1388)
@@ -5,8 +5,9 @@
d38b7aa
Ubuntu-Description:
Notes:
+ jmm> efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
Bugs:
-upstream:
+upstream: released (2.6.28)
linux-2.6: released (2.6.26-11) [bugfix/all/hfs-fix-namelength-memory-corruption.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfs-fix-namelength-memory-corruption.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfs-fix-namelength-memory-corruption.patch]
Modified: active/CVE-2008-5182
===================================================================
--- active/CVE-2008-5182 2009-05-19 09:08:19 UTC (rev 1387)
+++ active/CVE-2008-5182 2009-05-19 09:26:29 UTC (rev 1388)
@@ -4,7 +4,7 @@
Ubuntu-Description:
Notes:
Bugs:
-upstream:
+upstream: released (2.6.28-rc5)
linux-2.6: released (2.6.26-12) [bugfix/all/inotify-watch-removal-umount-races.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/inotify-watch-removal-umount-races.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/inotify-watch-removal-umount-races.patch]
Copied: retired/CVE-2008-3272 (from rev 1361, active/CVE-2008-3272)
===================================================================
--- retired/CVE-2008-3272 (rev 0)
+++ retired/CVE-2008-3272 2009-05-19 09:26:29 UTC (rev 1388)
@@ -0,0 +1,16 @@
+Candidate: CVE-2008-3272
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.25.15, 2.6.26.2, 2.6.27-rc2)
+linux-2.6: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch]
+2.6.26-lenny-security: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
+2.6.15-dapper-security: released (2.6.15-52.71)
+2.6.20-feisty-security: released (2.6.20-17.39)
+2.6.22-gutsy-security: released (2.6.22-15.58)
+2.6.24-hardy-security: released (2.6.24-19.41)
+2.6.27-intrepid-security: released (2.6.27-2.3)
Modified: retired/CVE-2008-3275
===================================================================
--- retired/CVE-2008-3275 2009-05-19 09:08:19 UTC (rev 1387)
+++ retired/CVE-2008-3275 2009-05-19 09:26:29 UTC (rev 1388)
@@ -5,7 +5,7 @@
Notes:
Bugs:
upstream: released (2.6.25.15, 2.6.26.2)
-linux-2.6: N/A
+linux-2.6: released (2.6.26-2)
2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/vfs-fix-lookup-on-deleted-directory.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/vfs-fix-lookup-on-deleted-directory.patch]
2.6.26-lenny-security: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
Copied: retired/CVE-2008-3528 (from rev 1361, active/CVE-2008-3528)
===================================================================
--- retired/CVE-2008-3528 (rev 0)
+++ retired/CVE-2008-3528 2009-05-19 09:26:29 UTC (rev 1388)
@@ -0,0 +1,24 @@
+Candidate: CVE-2008-3528
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=459577
+ http://lkml.org/lkml/2008/9/13/98
+ http://lkml.org/lkml/2008/9/13/99
+ http://lkml.org/lkml/2008/9/17/371
+ cdbf6dba28e8e6268c8420857696309470009fd9
+ bd39597cbd42a784105a04010100e27267481c67
+ 9d9f177572d9e4eba0f2e18523b44f90dd51fe74
+Ubuntu-Description:
+Notes:
+ dannf> very minor
+Bugs:
+upstream:
+linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/ext2-avoid-corrupted-directory-printk-floods.patch, bugfix/ext3-avoid-corrupted-directory-printk-floods.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/ext2-avoid-corrupted-directory-printk-floods.patch, bugfix/ext3-avoid-corrupted-directory-printk-floods.patch]
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
+2.6.15-dapper-security: ignored (negligible)
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: ignored (negligible)
+2.6.24-hardy-security: ignored (negligible)
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4113 (from rev 1361, active/CVE-2008-4113)
===================================================================
--- retired/CVE-2008-4113 (rev 0)
+++ retired/CVE-2008-4113 2009-05-19 09:26:29 UTC (rev 1388)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-4113
+Description:
+References:
+ http://marc.info/?l=linux-sctp&m=121986743009093&w=2
+ http://marc.info/?l=linux-sctp&m=121986743209110&w=2
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26.4)
+linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.6) [bugfix/sctp-fix-random-memory-dereference-with-SCTP_HMAC_I.patch]
+2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: released (2.6.24-21.43)
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4445 (from rev 1361, active/CVE-2008-4445)
===================================================================
--- retired/CVE-2008-4445 (rev 0)
+++ retired/CVE-2008-4445 2009-05-19 09:26:29 UTC (rev 1388)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-4445
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=d97240552cd98c4b07322f30f66fd9c3ba4171de
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26.4)
+linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.6) [bugfix/sctp-fix-random-memory-dereference-with-SCTP_HMAC_I.patch]
+2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: released (2.6.24-21.43)
+2.6.27-intrepid-security: N/A
More information about the kernel-sec-discuss
mailing list