[kernel-sec-discuss] r2177 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Sun Jan 30 11:26:52 UTC 2011 

Author: jmm
Date: 2011-01-30 11:26:46 +0000 (Sun, 30 Jan 2011)
New Revision: 2177

Modified:
   active/CVE-2010-0435
   active/CVE-2010-3699
   active/CVE-2010-4158
   active/CVE-2010-4162
   active/CVE-2010-4163
   active/CVE-2010-4242
   active/CVE-2010-4243
   active/CVE-2010-4248
   active/CVE-2010-4249
   active/CVE-2010-4258
   active/CVE-2010-4342
   active/CVE-2010-4346
   active/CVE-2010-4526
   active/CVE-2010-4527
   active/CVE-2010-4529
   active/CVE-2010-4565
   active/CVE-2010-4649
   active/CVE-2010-4656
   active/CVE-2010-4668
   active/CVE-2011-0521
Log:
record DSA


Modified: active/CVE-2010-0435
===================================================================
--- active/CVE-2010-0435	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-0435	2011-01-30 11:26:46 UTC (rev 2177)
@@ -11,5 +11,5 @@
 upstream: released (2.6.34)
 2.6.32-upstream-stable: released (2.6.32.27)
 linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/x86/kvm-vmx-fix-vmx-null-pointer-dereference-on-debug-register-access.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/x86/kvm-vmx-fix-vmx-null-pointer-dereference-on-debug-register-access.patch]
 2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Modified: active/CVE-2010-3699
===================================================================
--- active/CVE-2010-3699	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-3699	2011-01-30 11:26:46 UTC (rev 2177)
@@ -7,5 +7,5 @@
 upstream: N/A "This affects the Xen feature patch set, not in upstream proper"
 2.6.32-upstream-stable: N/A "This affects the Xen feature patch set, not in upstream proper"
 linux-2.6: pending (2.6.32-31)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [features/all/xen/CVE-2010-3699.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [features/all/xen/CVE-2010-3699.patch]
 2.6.32-squeeze-security: pending (2.6.32-31)

Modified: active/CVE-2010-4158
===================================================================
--- active/CVE-2010-4158	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4158	2011-01-30 11:26:46 UTC (rev 2177)
@@ -10,5 +10,5 @@
 upstream: released (2.6.37-rc2) [57fe93b374a6b8711995c2d466c502af9f3a08bb]
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-29) [bugfix/all/filter-make-sure-filters-dont-read-uninitialized-memory.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/filter-make-sure-filters-dont-read-uninitialized-memory.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/filter-make-sure-filters-dont-read-uninitialized-memory.patch]
 2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/filter-make-sure-filters-dont-read-uninitialized-memory.patch]

Modified: active/CVE-2010-4162
===================================================================
--- active/CVE-2010-4162	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4162	2011-01-30 11:26:46 UTC (rev 2177)
@@ -7,5 +7,5 @@
 upstream: released (2.6.37) [cb4644cac4a2797afc847e6c92736664d4b0ea34]
 2.6.32-upstream-stable: released (2.6.32.27)
 linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch]
 2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Modified: active/CVE-2010-4163
===================================================================
--- active/CVE-2010-4163	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4163	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.37) [9284bcf4e335e5f18a8bc7b26461c33ab60d0689, 5478755616ae2ef1ce144dded589b62b2a50d575]
 2.6.32-upstream-stable: released (2.6.32.27)
 linux-2.6: released (2.6.32-29) [debian/patches/bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch]
 2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Modified: active/CVE-2010-4242
===================================================================
--- active/CVE-2010-4242	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4242	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.37) [c19483cc5e56ac5e22dd19cf25ba210ab1537773]
 2.6.32-upstream-stable: released (2.6.36.26)
 linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/bluetooth-fix-missing-NULL-check.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bluetooth-fix-missing-NULL-check.patch]
 2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]

Modified: active/CVE-2010-4243
===================================================================
--- active/CVE-2010-4243	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4243	2011-01-30 11:26:46 UTC (rev 2177)
@@ -14,5 +14,5 @@
 upstream: released (2.6.37-rc5) [3c77f84]
 2.6.32-upstream-stable: needed "Not yet queueed for 2.6.32.y, but it is queued for 2.6.35.y and the same fix applies to both"
 linux-2.6: released (2.6.32-30) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
 2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]

Modified: active/CVE-2010-4248
===================================================================
--- active/CVE-2010-4248	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4248	2011-01-30 11:26:46 UTC (rev 2177)
@@ -7,5 +7,5 @@
 upstream: released (2.6.37-rc2) [e0a70217107e6f9844628120412cb27bb4cea194]
 2.6.32-upstream-stable: pending (2.6.32.28)
 linux-2.6: released (2.6.32-29) [bugfix/all/posix-cpu-timers-workaround-to-suppress-the-problems-with-mt-exec.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/posix-cpu-timers-workaround-to-suppress-the-problems-with-mt-exec.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/posix-cpu-timers-workaround-to-suppress-the-problems-with-mt-exec.patch]
 2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/posix-cpu-timers-workaround-to-suppress-the-problems-with-mt-exec.patch]

Modified: active/CVE-2010-4249
===================================================================
--- active/CVE-2010-4249	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4249	2011-01-30 11:26:46 UTC (rev 2177)
@@ -31,5 +31,11 @@
 upstream:
 2.6.32-upstream-stable:
 linux-2.6: released (2.6.30-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
 2.6.32-squeeze-security: released (2.6.30-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
+
+
+
+
+
+

Modified: active/CVE-2010-4258
===================================================================
--- active/CVE-2010-4258	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4258	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.37-rc4) [33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177]
 2.6.32-upstream-stable: released (2.6.32.27)
 linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch]
 2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Modified: active/CVE-2010-4342
===================================================================
--- active/CVE-2010-4342	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4342	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.37) [4e085e76cbe558b79b54cbab772f61185879bc64]
 2.6.32-upstream-stable: needed
 linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/econet-fix-crash-in-aun_incoming.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/econet-fix-crash-in-aun_incoming.patch]
 2.6.32-squeeze-security: released (2.6.32-30)

Modified: active/CVE-2010-4346
===================================================================
--- active/CVE-2010-4346	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4346	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.37) [462e635e5b73ba9a4c03913b77138cd57ce4b050]
 2.6.32-upstream-stable: released (2.6.32.28)
 linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/install_special_mapping-skips-security_file_mmap_check.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/install_special_mapping-skips-security_file_mmap_check.patch]
 2.6.32-squeeze-security: released (2.6.32-30)

Modified: active/CVE-2010-4526
===================================================================
--- active/CVE-2010-4526	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4526	2011-01-30 11:26:46 UTC (rev 2177)
@@ -6,5 +6,5 @@
 upstream: released (2.6.34) [50b5d6ad63821cea324a5a7a19854d4de1a0a819]
 2.6.32-upstream-stable: released (2.6.32.28)
 linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/CVE-2010-4526]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4526]
 2.6.32-squeeze-security: released (2.6.32-30)

Modified: active/CVE-2010-4527
===================================================================
--- active/CVE-2010-4527	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4527	2011-01-30 11:26:46 UTC (rev 2177)
@@ -6,5 +6,5 @@
 upstream: released (2.6.37) [d81a12bc29ae4038770e05dce4ab7f26fd5880fb]
 2.6.32-upstream-stable: released (2.6.32.28)
 linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/CVE-2010-4527.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4527.patch]
 2.6.32-squeeze-security: released (2.6.32-30)

Modified: active/CVE-2010-4529
===================================================================
--- active/CVE-2010-4529	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4529	2011-01-30 11:26:46 UTC (rev 2177)
@@ -7,5 +7,5 @@
 upstream: released (2.6.37) [fdac1e0697356ac212259f2147aa60c72e334861]
 2.6.32-upstream-stable: needed "davem has it queued for stable"
 linux-2.6: released (2.6.32-30) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]
 2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/irda-prevent-integer-underflow-in-IRLMP_ENUMDEVICES.patch]

Modified: active/CVE-2010-4565
===================================================================
--- active/CVE-2010-4565	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4565	2011-01-30 11:26:46 UTC (rev 2177)
@@ -6,5 +6,5 @@
 upstream: released (2.6.37) [9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83]
 2.6.32-upstream-stable: needed "stable@ was CCed]
 linux-2.6: needed
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch]
 2.6.32-squeeze-security: needed

Modified: active/CVE-2010-4649
===================================================================
--- active/CVE-2010-4649	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4649	2011-01-30 11:26:46 UTC (rev 2177)
@@ -6,5 +6,5 @@
 upstream: released (2.6.37) [7182afea8d1afd432a17c18162cc3fd441d0da93]
 2.6.32-upstream-stable: released (2.6.32.28)
 linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/ib-uverbs-handle-large-number-of-entries-in-poll-CQ.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/ib-uverbs-handle-large-number-of-entries-in-poll-CQ.patch]
 2.6.32-squeeze-security: released (2.6.32-30)

Modified: active/CVE-2010-4656
===================================================================
--- active/CVE-2010-4656	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4656	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream:
 2.6.32-upstream-stable:
 linux-2.6:
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/usb-iowarrior-dont-trust-report_size-for-buffer-size.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/usb-iowarrior-dont-trust-report_size-for-buffer-size.patch]
 2.6.32-squeeze-security:

Modified: active/CVE-2010-4668
===================================================================
--- active/CVE-2010-4668	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2010-4668	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.37) [5478755616ae2ef1ce144dded589b62b2a50d575]
 2.6.32-upstream-stable: released (2.6.32.27)
 linux-2.6: released (2.6.32-29)
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch]
 2.6.32-squeeze-security: released (2.6.32.27)

Modified: active/CVE-2011-0521
===================================================================
--- active/CVE-2011-0521	2011-01-28 14:50:14 UTC (rev 2176)
+++ active/CVE-2011-0521	2011-01-30 11:26:46 UTC (rev 2177)
@@ -8,5 +8,5 @@
 upstream: released (2.6.38-rc2) [cb26a24ee9706473f31d34cc259f4dcf45cd0644]
 2.6.32-upstream-stable: needed "submitted for 2.6.32.x on 2011-01-28"
 linux-2.6: pending (2.6.32-31) [bugfix/all/av7110-check-for-negative-array-offset.patch]
-2.6.26-lenny-security: pending (2.6.26-26lenny2) [bugfix/all/av7110-check-for-negative-array-offset.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/av7110-check-for-negative-array-offset.patch]
 2.6.32-squeeze-security: pending (2.6.32-31) [bugfix/all/av7110-check-for-negative-array-offset.patch]

More information about the kernel-sec-discuss mailing list