[kernel-sec-discuss] r2481 - active

Dann Frazier dannf at alioth.debian.org
Wed Sep 7 04:58:40 UTC 2011


Author: dannf
Date: 2011-09-07 04:58:39 +0000 (Wed, 07 Sep 2011)
New Revision: 2481

Modified:
   active/CVE-2011-1020
   active/CVE-2011-1576
   active/CVE-2011-2484
   active/CVE-2011-2491
   active/CVE-2011-2492
   active/CVE-2011-2495
   active/CVE-2011-2496
   active/CVE-2011-2497
   active/CVE-2011-2517
   active/CVE-2011-2525
   active/CVE-2011-2699
   active/CVE-2011-2700
   active/CVE-2011-2723
   active/CVE-2011-2905
   active/CVE-2011-2909
   active/CVE-2011-2918
   active/CVE-2011-2928
   active/CVE-2011-3188
   active/CVE-2011-3191
Log:
2.6.32-35squeeze1 is released (though not yet DSA'd, still missing builds)

Modified: active/CVE-2011-1020
===================================================================
--- active/CVE-2011-1020	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-1020	2011-09-07 04:58:39 UTC (rev 2481)
@@ -16,4 +16,4 @@
 2.6.32-upstream-stable: needed
 sid: needed 
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch, bugfix/all/proc-syscall-stack-personality-races.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch, bugfix/all/proc-syscall-stack-personality-races.patch]
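
Review bot: The patch lists for the two branches differ in this hunk: the squeeze line includes bugfix/all/proc-syscall-stack-personality-races.patch, while the 2.6.26-lenny-security context line stops at bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch. If lenny needs the same fix, add the patch there; if not, record why it does not apply so the two lists are not read as equivalent. The "sid: needed " context line also carries trailing whitespace.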

Modified: active/CVE-2011-1576
===================================================================
--- active/CVE-2011-1576	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-1576	2011-09-07 04:58:39 UTC (rev 2481)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: needed
 sid: N/A "This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem."
 2.6.26-lenny-security: N/A "code not present"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch]

Modified: active/CVE-2011-2484
===================================================================
--- active/CVE-2011-2484	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2484	2011-09-07 04:58:39 UTC (rev 2481)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: released (2.6.32.43)
 sid: released (2.6.39-3)
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/taskstats-don-t-allow-duplicate-entries-in-listener-mode.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/taskstats-don-t-allow-duplicate-entries-in-listener-mode.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/taskstats-don-t-allow-duplicate-entries-in-listener-mode.patch]

Modified: active/CVE-2011-2491
===================================================================
--- active/CVE-2011-2491	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2491	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable:
 sid: released (3.0.0-1)
 2.6.26-lenny-security: pending (2.6.26-24lenny4) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
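
Review bot: The 2.6.26-lenny-security context line in this hunk reads pending (2.6.26-24lenny4), while the other pending lenny entries in this revision all use 2.6.26-26lenny4. This looks like a typo and is worth correcting while the file is being touched. The 2.6.32-upstream-stable field is also left empty here and should get a status.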

Modified: active/CVE-2011-2492
===================================================================
--- active/CVE-2011-2492	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2492	2011-09-07 04:58:39 UTC (rev 2481)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: needed
 sid: released (3.0.0-1)
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/CVE-2011-2492.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch]
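
Review bot: Patch naming is inconsistent across branches for this CVE: the lenny context line references bugfix/all/CVE-2011-2492.patch, while the squeeze line references bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch. If both carry the same fix, using the descriptive name in both places would make cross-branch checks easier.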

Modified: active/CVE-2011-2495
===================================================================
--- active/CVE-2011-2495	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2495	2011-09-07 04:58:39 UTC (rev 2481)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: released (2.6.32.44)
 sid: released (3.0.0-1) 
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/proc-restrict-access-to-proc-pid-io.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/proc-restrict-access-to-proc-pid-io.patch, bugfix/all/proc-fix-a-race-in-do_io_accounting.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/proc-restrict-access-to-proc-pid-io.patch, bugfix/all/proc-fix-a-race-in-do_io_accounting.patch]

Modified: active/CVE-2011-2496
===================================================================
--- active/CVE-2011-2496	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2496	2011-09-07 04:58:39 UTC (rev 2481)
@@ -10,4 +10,4 @@
 2.6.32-upstream-stable: needed
 sid: released (2.6.39-1)
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/mm-avoid-wrapping-vm_pgoff-in-mremap.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/stable/2.6.32.37.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/stable/2.6.32.37.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]

Modified: active/CVE-2011-2497
===================================================================
--- active/CVE-2011-2497	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2497	2011-09-07 04:58:39 UTC (rev 2481)
@@ -8,4 +8,4 @@
 2.6.32-upstream-stable: needed
 sid: released (2.6.39-3)
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/bluetooth-prevent-buffer-overflow-in-l2cap-config-request.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/bluetooth-prevent-buffer-overflow-in-l2cap-config-request.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/bluetooth-prevent-buffer-overflow-in-l2cap-config-request.patch]

Modified: active/CVE-2011-2517
===================================================================
--- active/CVE-2011-2517	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2517	2011-09-07 04:58:39 UTC (rev 2481)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: needed
 sid: released (2.6.39-3)
 2.6.26-lenny-security: N/A "Introduced in 2.6.29"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/nl80211-fix-check-for-valid-SSID-size-in-scan-operations.patch, bugfix/all/nl80211-fix-overflow-in-ssid_len.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nl80211-fix-check-for-valid-SSID-size-in-scan-operations.patch, bugfix/all/nl80211-fix-overflow-in-ssid_len.patch]

Modified: active/CVE-2011-2525
===================================================================
--- active/CVE-2011-2525	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2525	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable: needed
 sid: released (2.6.35-1)
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/net_sched-Fix-qdisc_notify.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/net_sched-Fix-qdisc_notify.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net_sched-Fix-qdisc_notify.patch]

Modified: active/CVE-2011-2699
===================================================================
--- active/CVE-2011-2699	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2699	2011-09-07 04:58:39 UTC (rev 2481)
@@ -8,5 +8,5 @@
 upstream: released (3.1-rc1) [87c48fa3b4630905f98268dde838ee43626a060c]
 2.6.32-upstream-stable: needed
 sid: released (3.0.0-2) [bugfix/all/stable/3.0.2.patch]
-2.6.26-lenny-security:
+2.6.26-lenny-security: ignored "too intrusive for an oldstable backport"
 2.6.32-squeeze-security: needed
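
Review bot: The lenny status change to ignored "too intrusive for an oldstable backport" is not covered by the log message, which only mentions that 2.6.32-35squeeze1 is released. Commit it separately or mention it in the log so the decision is easy to find later. The 2.6.32-squeeze-security line stays at needed here, so this CVE is still open for squeeze after this revision.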

Modified: active/CVE-2011-2700
===================================================================
--- active/CVE-2011-2700	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2700	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable: released (2.6.32.44)
 sid: released (3.0.0-1)
 2.6.26-lenny-security: N/A "Driver introduced in 2.6.32"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/si4713-i2c-avoid-potential-buffer-overflow-on-si4713.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/si4713-i2c-avoid-potential-buffer-overflow-on-si4713.patch]

Modified: active/CVE-2011-2723
===================================================================
--- active/CVE-2011-2723	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2723	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable: needed
 sid: released (3.0.0-2) [bugfix/all/stable/3.0.1.patch]
 2.6.26-lenny-security: N/A "Introduced in 2.6.31 with a5b1cf28"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/gro-only-reset-frag0-when-skb-can-be-pulled.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/gro-only-reset-frag0-when-skb-can-be-pulled.patch]

Modified: active/CVE-2011-2905
===================================================================
--- active/CVE-2011-2905	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2905	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable: released (2.6.32.46)
 sid: released (3.0.0-2)
 2.6.26-lenny-security: N/A "perf does not yet exist"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch]

Modified: active/CVE-2011-2909
===================================================================
--- active/CVE-2011-2909	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2909	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable: released (2.6.32.44)
 sid: released (3.0.0-2) [bugfix/all/stable/3.0.1.patch]
 2.6.26-lenny-security: N/A "Vulnerable code not present"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/comedi-fix-infoleak-to-userspace.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/comedi-fix-infoleak-to-userspace.patch]

Modified: active/CVE-2011-2918
===================================================================
--- active/CVE-2011-2918	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2918	2011-09-07 04:58:39 UTC (rev 2481)
@@ -9,4 +9,4 @@
 2.6.32-upstream-stable: released (2.6.32.44)
 sid: released (3.0.0-2)
 2.6.26-lenny-security: N/A "perf does not yet exist"
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/perf-remove-the-nmi-parameter-from-the-swevent-and-overflow-interface.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/perf-remove-the-nmi-parameter-from-the-swevent-and-overflow-interface.patch]

Modified: active/CVE-2011-2928
===================================================================
--- active/CVE-2011-2928	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-2928	2011-09-07 04:58:39 UTC (rev 2481)
@@ -7,4 +7,4 @@
 2.6.32-upstream-stable: released (2.6.32.46)
 sid: released (3.0.0-2)
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/befs-validate-length-of-long-symbolic-links.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/befs-validate-length-of-long-symbolic-links.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/befs-validate-length-of-long-symbolic-links.patch]

Modified: active/CVE-2011-3188
===================================================================
--- active/CVE-2011-3188	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-3188	2011-09-07 04:58:39 UTC (rev 2481)
@@ -6,4 +6,4 @@
 2.6.32-upstream-stable: released (2.6.32.45)
 sid: needed
 2.6.26-lenny-security: needed
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/CVE-2011-3188.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/CVE-2011-3188.patch]

Modified: active/CVE-2011-3191
===================================================================
--- active/CVE-2011-3191	2011-09-07 04:58:33 UTC (rev 2480)
+++ active/CVE-2011-3191	2011-09-07 04:58:39 UTC (rev 2481)
@@ -8,4 +8,4 @@
 2.6.32-upstream-stable: needed
 sid: needed
 2.6.26-lenny-security: pending (2.6.26-26lenny4) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]
-2.6.32-squeeze-security: pending (2.6.32-35squeeze1) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]



