[kernel-sec-discuss] r2517 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Sep 30 06:12:18 UTC 2011 

Author: jmm
Date: 2011-09-30 06:12:16 +0000 (Fri, 30 Sep 2011)
New Revision: 2517

Modified:
   active/CVE-2011-1020
   active/CVE-2011-2699
Log:
CVE-2011-2699 fix will be removed


Modified: active/CVE-2011-1020
===================================================================
--- active/CVE-2011-1020	2011-09-28 10:41:07 UTC (rev 2516)
+++ active/CVE-2011-1020	2011-09-30 06:12:16 UTC (rev 2517)
@@ -3,17 +3,9 @@
 References:
  https://lkml.org/lkml/2011/2/7/368
 Notes:
- jmm> Apparently these are the upstream commits fixing it:
- jmm> ca6b0bf0e086513b9ee5efc0aa5770ecb57778af
- jmm> ec6fd8a4355cda81cd9f06bebc048e83eb514ac7
- jmm> d6f64b89d7ff22ce05896ab4a93a653e8d0b123d
- jmm> 2fadaef41283aad7100fa73f01998cddaca25833
- jmm> a9712bc12c40c172e393f85a9b2ba8db4bf59509
- jmm> We should double-check with Kees (since he discovered it)
- jmm> to make sure we don't miss any
 Bugs:
-upstream: needed
+upstream: released (2.6.39) [ca6b0bf0e086513b9ee5efc0aa5770ecb57778af, ec6fd8a4355cda81cd9f06bebc048e83eb514ac7, d6f64b89d7ff22ce05896ab4a93a653e8d0b123d, 2fadaef41283aad7100fa73f01998cddaca25833, a9712bc12c40c172e393f85a9b2ba8db4bf59509]
 2.6.32-upstream-stable: needed
-sid: needed 
+sid: released (2.6.39-1)
 2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch]
 2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/pagemap-close-races-with-suid-execve.patch, bugfix/all/proc-map-report-errors-sanely.patch, bugfix/all/close-race-in-proc-pid-environ.patch, bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch, bugfix/all/proc-syscall-stack-personality-races.patch]

Modified: active/CVE-2011-2699
===================================================================
--- active/CVE-2011-2699	2011-09-28 10:41:07 UTC (rev 2516)
+++ active/CVE-2011-2699	2011-09-30 06:12:16 UTC (rev 2517)
@@ -5,9 +5,10 @@
 Notes:
  jmm> probably too intrusive for a lenny backport
  dannf> including 2c1409a0, to make the inet_getid changes apply cleanly to .32
+ jmm> Initial fix for 2.6.32 removed, since it led to VM crashes: #643817
 Bugs:
 upstream: released (3.1-rc1) [87c48fa3b4630905f98268dde838ee43626a060c]
 2.6.32-upstream-stable: needed
 sid: released (3.0.0-2) [bugfix/all/stable/3.0.2.patch]
 2.6.26-lenny-security: ignored "too intrusive for an oldstable backport"
-2.6.32-squeeze-security: pending (2.6.32-36) [bugfix/all/ipv6-make-fragment-identifications-less-predictable.patch]
+2.6.32-squeeze-security: needed

More information about the kernel-sec-discuss mailing list