Hello, all.
Since we have decided to move to a common kernel package for etch, and maybe
work in common with ubuntu on the kernel upto a point, we have now to address
the case of the external modules.
I would strongly favor that we write some kind of policy for the external
modules to follow in o
On Thu, May 12, 2005 at 12:22:46PM +0200, Eduard Bloch wrote:
> severity 290329 grave
> thanks
>
> I tried to install Sarge on a ppc and... it failed! Because at least
> some modules have been missing. Following semi-official hints, I figured
> out that MODULES=dep needs to be set to make it work.
On Thu, May 12, 2005 at 10:50:59AM -0400, Joey Hess wrote:
> Horms wrote:
> > ia64: version in Sarge: 2.6.8-12
> >
> > http://svn.debian.org/wsvn/kernel/trunk/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog?op=file&rev=0&sc=0
>
> Will -14 will be an ABI change from -12 or not?
>
>
reassign 308855 kernel-source-2.6.8
severity 308855 grave
merge 308855 308724 308634
thanks
Hi Adam,
thanks for reporting this bug. We are already tracking it
as 308724 and 308634 for 2.6.8 and a separate bug for 2.4.27.
A fix is also pending for 2.6.11.
--
Horms
--
To UNSUBSCRIBE, email to
Processing commands for [EMAIL PROTECTED]:
> reassign 308855 kernel-source-2.6.8
Bug#308855: Privilege escalation in ELF core dump (fs/binfmt_elf.c)
Bug reassigned from package `kernel' to `kernel-source-2.6.8'.
> severity 308855 grave
Bug#308855: Privilege escalation in ELF core dump (fs/binfmt_
Heh, for those who might be wondering about this, I assume this is in
response to an email I send broadcom yesterday. I've quoted it here:
From: Andres Salomon <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject:more firmware licensing issues
Date: Wed, 11 May 2005 15:31:53 -0400
H
Below is a response to your case number CS3271 submitted to Broadcom NIC
Technology Support.
Case Title: GPLed driver and binary-only firmware blobs.
Response from Broadcom: I am truly sorry, I pinged our legal team again on the
subject last monday and again today. No words from them yet.
reassign 308855 kernel
thanks
I probably shoud reassign this to the kernel pseudo-package since it
applies to ALL of the kernels..
According to iSec, there is a quick workaround for the problem,
"A hotfix for this vulnerability is to disallow
processes to drop core. This can be accomplishe
Processing commands for [EMAIL PROTECTED]:
> reassign 308855 kernel
Bug#308855: Privilege escalation in ELF core dump (fs/binfmt_elf.c)
Bug reassigned from package `kernel-source-2.6.8' to `kernel'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: critical
Tags: security patch
>From Secunia advisory http://secunia.com/advisories/15341/
DESCRIPTION:
Paul Starzetz has reported a vulnerability in the Linux kernel, which
can be exploited by malicious, local users to gain escalated
privil
On Thu, 2005-05-12 at 10:50 -0400, Joey Hess wrote:
> Horms wrote:
> > ia64: version in Sarge: 2.6.8-12
> >
> > http://svn.debian.org/wsvn/kernel/trunk/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog?op=file&rev=0&sc=0
>
> Will -14 will be an ABI change from -12 or not?
Yes, it sh
Processing commands for [EMAIL PROTECTED]:
> reassign 308495 kernel-image-2.6.8-powerpc
Bug#308495: general: pmud does not turn off display
Bug reassigned from package `pmud' to `kernel-image-2.6.8-powerpc'.
> thank you
Stopping processing here.
Please contact me if you need assistance.
Debian
On Thu, May 12, 2005 at 03:08:51PM +0900, Horms wrote:
> Steve Langasek asked me to get in contact with you in regards
> to kernel security updates for sarge. I am happy to report
> that I and other members of the kernel team have been keeping
> the kernel-source for both 2.4.27 and 2.6.8 up to da
On Thu, May 12, 2005 at 10:50:59AM -0400, Joey Hess wrote:
>
> > m68k: version in Sarge: 2.6.8-12
> >
> > http://svn.debian.org/wsvn/kernel/trunk/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/changelog?op=file&rev=0&sc=0
>
> Since svn has version -1, it's hard to tell. However AFAIK nothi
Horms wrote:
> ia64: version in Sarge: 2.6.8-12
>
> http://svn.debian.org/wsvn/kernel/trunk/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog?op=file&rev=0&sc=0
Will -14 will be an ABI change from -12 or not?
> m68k: version in Sarge: 2.6.8-12
>
> http://svn.debian.org/wsvn/ker
I have some problems with self-compiled kernels on Compaq Evo N410c
notebook. Debian's kernel-image (I have tried 2.6.8-2-686 and
2.6.11-1-686) package works quite well, but it lacks suspend-to-disk,
which is only option for this specific model of laptop. As I found
different sleep modes very usefu
severity 290329 grave
thanks
I tried to install Sarge on a ppc and... it failed! Because at least
some modules have been missing. Following semi-official hints, I figured
out that MODULES=dep needs to be set to make it work. This has been
confirmed by Sven (see below).
Read: currently, it is a pa
Processing commands for [EMAIL PROTECTED]:
> severity 290329 grave
Bug#290329: initrd-tools: please default to modules=dep, at least on powerpc.
Severity set to `grave'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(admini
On Thu, May 12, 2005 at 11:40:47AM +0200, Thiemo Seufer wrote:
> Sven Luther wrote:
> [snip]
> > > > It would make little sense to do separate uploads for them.
> > >
> > > It is nevertheless necessary, according to the security team's historical
> > > policy on security uploads. You can upload w
On Thu, May 12, 2005 at 11:27:33AM +0200, Thiemo Seufer wrote:
> Horms wrote:
> > On Thu, May 12, 2005 at 10:07:06AM +0200, Thiemo Seufer wrote:
> > > Horms wrote:
> > > [snip]
> > > > For reference, these are the architectues that I believe
> > > > the kernel team handles, and the version of the k
On Thu, May 12, 2005 at 02:21:16AM -0700, Steve Langasek wrote:
> On Thu, May 12, 2005 at 11:07:45AM +0200, Thiemo Seufer wrote:
> > Steve Langasek wrote:
> > [snip]
> > > > mips/mipsel has four additional changes which should go in sarge:
> > > > - Fix broken ptrace
> > > > - Fix Cobalt PCI bridge
Sven Luther wrote:
[snip]
> > > It would make little sense to do separate uploads for them.
> >
> > It is nevertheless necessary, according to the security team's historical
> > policy on security uploads. You can upload whatever you want to
> > testing-proposed-updates, *right now*, but it doesn
Steve Langasek wrote:
> On Thu, May 12, 2005 at 11:07:45AM +0200, Thiemo Seufer wrote:
> > Steve Langasek wrote:
> > [snip]
> > > > mips/mipsel has four additional changes which should go in sarge:
> > > > - Fix broken ptrace
> > > > - Fix Cobalt PCI bridge initialisation
> > > > - Work around cras
On Thu, May 12, 2005 at 02:21:16AM -0700, Steve Langasek wrote:
> On Thu, May 12, 2005 at 11:07:45AM +0200, Thiemo Seufer wrote:
> > Steve Langasek wrote:
> > [snip]
> > > > mips/mipsel has four additional changes which should go in sarge:
> > > > - Fix broken ptrace
> > > > - Fix Cobalt PCI bridge
Horms wrote:
> On Thu, May 12, 2005 at 10:07:06AM +0200, Thiemo Seufer wrote:
> > Horms wrote:
> > [snip]
> > > For reference, these are the architectues that I believe
> > > the kernel team handles, and the version of the kernel source
> > > they are using in Sarge:
> > >
> > > Ba
tags 308757 + pending
thanks
On Thu, May 12, 2005 at 09:13:48AM +0200, Moritz Muehlenhoff wrote:
> Package: kernel-source-2.4.27
> Version: unavailable; reported 2005-05-12
> Severity: grave
> Tags: security patch
>
> Paul Starzetz has found another flaw in the Linux kernel that can be exploited
On Thu, May 12, 2005 at 11:07:45AM +0200, Thiemo Seufer wrote:
> Steve Langasek wrote:
> [snip]
> > > mips/mipsel has four additional changes which should go in sarge:
> > > - Fix broken ptrace
> > > - Fix Cobalt PCI bridge initialisation
> > > - Work around crashes on Cobalt under I/O load
> > > -
On Thu, May 12, 2005 at 06:00:15PM +0900, Horms wrote:
> > > > Base kernel source version of package in Sarge
> > > > 2.4.27: alpha kernel-tree-2.4.27-9 (seems to be out of date in
> > > > SVN)
> > > > hppa kernel-tree-2.4.27-8
> > > > i386 kernel
Processing commands for [EMAIL PROTECTED]:
> tags 308757 + pending
Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
Tags were: patch security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system admi
On Thu, May 12, 2005 at 09:43:01AM +0300, Thibaut VARENE wrote:
> Horms wrote:
> [snip]
> > For reference, these are the architectues that I believe
> > the kernel team handles, and the version of the kernel source
> > they are using in Sarge:
> >
> > Base kernel source version of
Steve Langasek wrote:
[snip]
> > mips/mipsel has four additional changes which should go in sarge:
> > - Fix broken ptrace
> > - Fix Cobalt PCI bridge initialisation
> > - Work around crashes on Cobalt under I/O load
> > - Fix crash on startup on serial-less Cobalts
>
> All of which seem to be out
On Thu, May 12, 2005 at 01:27:55AM -0700, Steve Langasek wrote:
> On Thu, May 12, 2005 at 10:07:06AM +0200, Thiemo Seufer wrote:
> > Horms wrote:
> > [snip]
> > > For reference, these are the architectues that I believe
> > > the kernel team handles, and the version of the kernel source
> > > they
On Thu, May 12, 2005 at 10:07:06AM +0200, Thiemo Seufer wrote:
> Horms wrote:
> [snip]
> > For reference, these are the architectues that I believe
> > the kernel team handles, and the version of the kernel source
> > they are using in Sarge:
> >
> > Base kernel source version of p
Processing commands for [EMAIL PROTECTED]:
> tag 308724 +pending
Bug#308724: CAN-2005-1263: "ELF core dump privilege elevation"
Tags were: security patch
Bug#308760: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
Tags added: pending
> tag 308634 +pending
Bug#308634: kernel-source-2
On Thu, May 12, 2005 at 09:37:47AM +0200, Sven Luther wrote:
> On Thu, May 12, 2005 at 04:04:22PM +0900, Horms wrote:
> > On Thu, May 12, 2005 at 03:08:51PM +0900, Horms wrote:
> > > Hi Martin,
> > >
> > > Steve Langasek asked me to get in contact with you in regards
> > > to kernel security updat
On Thu, May 12, 2005 at 10:07:06AM +0200, Thiemo Seufer wrote:
> Horms wrote:
> [snip]
> > For reference, these are the architectues that I believe
> > the kernel team handles, and the version of the kernel source
> > they are using in Sarge:
> > Base kernel source version of packa
Horms wrote:
[snip]
> For reference, these are the architectues that I believe
> the kernel team handles, and the version of the kernel source
> they are using in Sarge:
>
> Base kernel source version of package in Sarge
> 2.4.27: alpha kernel-tree-2.4.27-9 (seems to be out
tag 308724 +pending
tag 308634 +pending
thanks
The fix for CAN-2005-1263 fix is now in SVN for 2.6.8 and I will add
it to 2.4.27 shortly.
--
Horms
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Horms wrote:
[snip]
> For reference, these are the architectues that I believe
> the kernel team handles, and the version of the kernel source
> they are using in Sarge:
>
> Base kernel source version of package in Sarge
> 2.4.27: alpha kernel-tree-2.4.27-9 (seems to be out
On Thu, May 12, 2005 at 04:04:22PM +0900, Horms wrote:
> On Thu, May 12, 2005 at 03:08:51PM +0900, Horms wrote:
> > Hi Martin,
> >
> > Steve Langasek asked me to get in contact with you in regards
> > to kernel security updates for sarge. I am happy to report
> > that I and other members of the ke
* Horms wrote:
> 2.4.27: alpha kernel-tree-2.4.27-9 (seems to be out of date
>in SVN)
I'm going to upload kernel-image-2.4.27-alpha 2.4.27-9 next weekend,
built against kernel-tree-2.4.27-8, because 2.4.27-8 made it into
testing by mistake.
I'm
On Wed, May 11, 2005 at 07:09:34PM +0200, Eduard Bloch wrote:
> Package: kernel-build-2.6.8-powerpc
> Version: 2.6.8-12
> Severity: grave
>
> Hello,
>
> I tried to understand your packaging scheme and IMO you do it _wrong_.
>
> a) kernel-build-KVERS on other architectures is a package with commo
Package: kernel-source-2.4.27
Version: unavailable; reported 2005-05-12
Severity: grave
Tags: security patch
Paul Starzetz has found another flaw in the Linux kernel that can be exploited
to gain extended local privileges. Please see his detailed advisory at
http://isec.pl/vulnerabilities/isec-002
merge 308724 308634
thanks
On Wed, May 11, 2005 at 07:40:15PM +0300, Samuli Suominen wrote:
> Package: kernel-source-2.6.8
> Severity: grave
> Justification: user security hole
>
>
> A locally exploitable flaw has been found in the Linux ELF binary format
> loader's core dump function that al
On Thu, May 12, 2005 at 03:08:51PM +0900, Horms wrote:
> Hi Martin,
>
> Steve Langasek asked me to get in contact with you in regards
> to kernel security updates for sarge. I am happy to report
> that I and other members of the kernel team have been keeping
> the kernel-source for both 2.4.27 and
45 matches
Mail list logo
