On Wed, Aug 31, 2005 at 06:24:32PM +0900, Horms wrote:
> Hi,
>
> I have put 2.6.12.6 into the 2.6.12 tree in SVN (currently
> dists/sid/kernel/linux-2.6) and manually merged the changes into the
> 2.6.8 sarge tree in SVN (currently
> dists/sarge/kernel/source/kernel-source-2.6.8). I will look into which
> parts are applicable to 2.4.27, but this will probably not be today.
>
> Below is a summary of the changes. The ones that I think are security
> bugs are labeled Maybe both in this list and in the changelog in SVN.
> Feedback on if we think these are security bugs, and CAN numbers,
> please.

Here is an updated version of the list I published yesterday, mainly
annotating 2.4.27 and sarge-security fixes.

--
Horms

SOURCE: 2.6.12.6
PATCH: ipsec-socket-policy-use-cap.patch
SECURITY: Yes - CAN-2005-2555
2.6.8-sarge: Applied as net-sockglue-cap.dpatch
2.6.8-sarge-security: Applied as net-sockglue-cap.dpatch
2.6.12-sid: Applied
2.4.27-trunk: Applied as 185_net-sockglue-cap.diff
2.4.27-sarge-security: Applied as 185_net-sockglue-cap.diff
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=929a1a4ec9623c7e48ce6c3f2f85e39c0f41a700;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/ipsec-socket-policy-use-cap.patch

SOURCE: 2.6.12.6
PATCH: nptl-signal-delivery-deadlock-fix.patch
SECURITY: Maybe - seems like a local DoS
2.6.8-sarge: Applied
2.6.8-sarge-security: Will add iff classified as security
2.6.12-sid: Applied
2.4.27-trunk: Will add if classified as security
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=f6cc7e101c49f356e4c4df5cca1ff352a0f01dd5;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/nptl-signal-delivery-deadlock-fix.patch

SOURCE: 2.6.12.6
PATCH: zlib-revert-broken-change.patch
SECURITY: Yes - Part of CAN-2005-2458 (revert)
2.6.8-sarge: Applied
2.6.8-sarge-security: Applied
2.6.12-sid: Applied
2.4.27-trunk: Applied as part of 186_linux-zlib-fixes-2.diff
2.4.27-sarge-security: Applied as zlib-revert-broken-change.patch
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=5c7eb14921a1111a50938a98f17dd22fbca13a40;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/zlib-revert-broken-change.patch

SOURCE: 2.6.12.6
PATCH: fix-dst-leak-in-icmp_push_reply.patch
SECURITY: Maybe - Can remote traffic trigger this
2.6.8-sarge: Applied
2.6.12-sid: Applied
2.4.27-trunk: Applied as 188_fix-dst-leak-in-icmp_push_reply.diff
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch

SOURCE: 2.6.12.6
PATCH: genelink-usbnet-skb-typo.patch
SECURITY: No - Doesn't seem to be externally triggerable
2.6.8-sarge: Applied
2.6.8-sarge-security: Non-Security, not added
2.6.12-sid: Applied
2.4.27-trunk: Not applicable
2.4.27-sarge-security: Not applicable
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=c774c9a6168b33cef4ee56db15f69127997f0f0e;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/genelink-usbnet-skb-typo.patch

SOURCE: 2.6.12.6
PATCH: fix-memory-leak-in-sg.c-seq_file.patch
SECURITY: Maybe - Seems like a local DoS
2.6.8-sarge: Applied
2.6.8-sarge-security: Will add if classified as security
2.6.12-sid: Applied
2.4.27-trunk: Not applicable
2.4.27-sarge-security: Not applicable
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=74cbe696af3e2d95a7b1e848898a8d9abb0bb2ea;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-memory-leak-in-sg.c-seq_file.patch

SOURCE: 2.6.12.6
PATCH: ipv6-skb-leak.patch
SECURITY: Maybe - Seems like a local DoS
2.6.8-sarge: Applied
2.6.8-sarge-security: Will add if classified as security
2.6.12-sid: Applied
2.4.27-trunk: Applied as 189_ipv6-skb-leak.diff
2.4.27-trunk: Will add if classified as security
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=01e3aa130e88a3715b915b6e9f20abc3f6024eb0;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/ipv6-skb-leak.patch