[kernel] r4844 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Sun Nov 20 01:22:51 UTC 2005
Author: dannf
Date: Sun Nov 20 01:22:50 2005
New Revision: 4844
Added:
patch-tracking/00README
patch-tracking/CVE-2005-2801
- copied, changed from r4839, patch-tracking/fs_ext2_ext3_xattr-sharing.dpatch
patch-tracking/CVE-2005-3257
- copied unchanged from r4839, patch-tracking/plug-names_cache-memleak.dpatch
patch-tracking/CVE-2005-3271
- copied unchanged from r4839, patch-tracking/fs-exec-posix-timers-leak-1.dpatch
patch-tracking/CVE-2005-3272
- copied unchanged from r4839, patch-tracking/net-bridge-forwarding-poison-2.dpatch
patch-tracking/CVE-2005-3273
- copied unchanged from r4839, patch-tracking/net-rose-ndigis-verify.dpatch
patch-tracking/CVE-2005-3274
- copied unchanged from r4839, patch-tracking/net-ipv4-ipvs-conn_tab-race.dpatch
patch-tracking/CVE-2005-3275
- copied, changed from r4839, patch-tracking/netfilter-NAT-memory-corruption.dpatch
patch-tracking/CVE-2005-3276
- copied unchanged from r4839, patch-tracking/sys_get_thread_area-leak.dpatch
Removed:
patch-tracking/174_net-ipv4-netfilter-nat-mem.diff
patch-tracking/178_fs_ext2_ext3_xattr-sharing.diff
patch-tracking/184_arch-x86_64-ia32-ptrace32-oops.diff
patch-tracking/fs-exec-posix-timers-leak-1.dpatch
patch-tracking/fs_ext2_ext3_xattr-sharing.dpatch
patch-tracking/net-bridge-forwarding-poison-2.dpatch
patch-tracking/net-ipv4-ipvs-conn_tab-race.dpatch
patch-tracking/net-rose-ndigis-verify.dpatch
patch-tracking/netfilter-NAT-memory-corruption.dpatch
patch-tracking/plug-names_cache-memleak.dpatch
patch-tracking/setkeys-needs-root.patch
patch-tracking/sys_get_thread_area-leak.dpatch
Modified:
patch-tracking/CAN-2005-2553
patch-tracking/CVE-2005-3181
patch-tracking/ia64-buggy-preempt
patch-tracking/lost-sockfd_put-in-32bit-compat-routing_ioctl
Log:
cleanup redundant issues, use CVE-XXXX-XXXX for the filename, if available, add 00README, and other assorted cleanups
Added: patch-tracking/00README
==============================================================================
--- (empty file)
+++ patch-tracking/00README Sun Nov 20 01:22:50 2005
@@ -0,0 +1,21 @@
+This directory serves as a mechanism for tracking the status of issues
+across multiple kernel revisions. Today it is primarily used for
+security issues. Each issue is described in an rfc-822 style format.
+
+New issues
+----------
+To start tracking a new issue, svn copy 00boilerplate to a file with
+a name that concisely identifies the issue. If a CVE ID has been
+assigned, use the CVE ID as the filename. Take a look at 00example
+to see the valid values for each of the fields.
+
+Tracking new trees
+------------------
+Run the sync-pkg-list tool to automatically add fields for each of
+the currently maintained kernels (those listed in 00pkglist):
+ $ ./scripts/sync-pkg-list -p 00pkglist ia64-buggy-preempt > tmp
+ $ mv tmp ia64-buggy-preempt
+
+CVE assignments
+---------------
+If a CVE is later assigned to an issue, svn mv that file to the CVD ID.
Modified: patch-tracking/CAN-2005-2553
==============================================================================
--- patch-tracking/CAN-2005-2553 (original)
+++ patch-tracking/CAN-2005-2553 Sun Nov 20 01:22:50 2005
@@ -1,12 +1,6 @@
Candidate: CAN-2005-2553
References:
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2553
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050812
- Category: SF
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
CONFIRM:http://lkml.org/lkml/2005/1/5/245
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
Description:
@@ -15,13 +9,14 @@
another function, which allows local users to cause a denial of
service (kernel crash/oops) by running a 32-bit ltrace program with
the -i option on a 64-bit executable program.
+Bugs:
upstream: released (2.4.29)
2.6.13: N/A
2.6.12: N/A
2.6.8-sarge: N/A
2.6.8-sarge-security: N/A
2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
-2.4.27-sarge-security: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [184_arch-x86_64-ia32-ptrace32-oops.diff]
2.6.14:
2.6.8:
2.4.19-woody-security:
Copied: patch-tracking/CVE-2005-2801 (from r4839, patch-tracking/fs_ext2_ext3_xattr-sharing.dpatch)
==============================================================================
--- patch-tracking/fs_ext2_ext3_xattr-sharing.dpatch (original)
+++ patch-tracking/CVE-2005-2801 Sun Nov 20 01:22:50 2005
@@ -15,8 +15,8 @@
upstream: released (2.6.11)
2.6.13:
2.6.12:
-2.6.8-sarge-security: released (2.6.8-16-sarge1)
-2.4.27-sarge-security: released (2.4.27-10sarge1)
+2.6.8-sarge-security: released (2.6.8-16-sarge1) [fs_ext2_ext3_xattr-sharing.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [178_fs_ext2_ext3_xattr-sharing.diff]
2.6.14:
2.6.8:
2.4.19-woody-security:
Modified: patch-tracking/CVE-2005-3181
==============================================================================
--- patch-tracking/CVE-2005-3181 (original)
+++ patch-tracking/CVE-2005-3181 Sun Nov 20 01:22:50 2005
@@ -1,7 +1,6 @@
Candidate: CAN-2005-3181
References:
URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
- Reference:
CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
Description:
Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an
Copied: patch-tracking/CVE-2005-3275 (from r4839, patch-tracking/netfilter-NAT-memory-corruption.dpatch)
==============================================================================
--- patch-tracking/netfilter-NAT-memory-corruption.dpatch (original)
+++ patch-tracking/CVE-2005-3275 Sun Nov 20 01:22:50 2005
@@ -13,8 +13,8 @@
upstream: released (2.6.12.3)
2.6.13:
2.6.12:
-2.6.8-sarge-security: released (2.6.8-16sarge1)
-2.4.27-sarge-security: pending (2.4.27-10sarge1)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [netfilter-NAT-memory-corruption.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [174_net-ipv4-netfilter-nat-mem.diff]
2.6.14:
2.6.8:
2.4.19-woody-security:
Modified: patch-tracking/ia64-buggy-preempt
==============================================================================
--- patch-tracking/ia64-buggy-preempt (original)
+++ patch-tracking/ia64-buggy-preempt Sun Nov 20 01:22:50 2005
@@ -2,7 +2,7 @@
References:
Description:
2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops)
-Notes:
+Notes:
From: dann frazier <dannf at dannf.org>
To: team at security.debian.org
Subject: kernel-image-2.6.8-ia64 - disable preempt
Modified: patch-tracking/lost-sockfd_put-in-32bit-compat-routing_ioctl
==============================================================================
--- patch-tracking/lost-sockfd_put-in-32bit-compat-routing_ioctl (original)
+++ patch-tracking/lost-sockfd_put-in-32bit-compat-routing_ioctl Sun Nov 20 01:22:50 2005
@@ -1,4 +1,4 @@
-Candidate: neeeded
+Candidate: needed
References:
Description: lost sockfd_put() in routing_ioctl(); local DoS
Notes:
More information about the Kernel-svn-changes
mailing list