Debian Bug report logs - #311164
CAN-2005-0757: DoS possibility in xattrs handling on 64 bits archs

version graph

Package: kernel-source-2.4.27; Maintainer for kernel-source-2.4.27 is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Sun, 29 May 2005 14:03:02 UTC

Severity: important

Tags: security

Fixed in versions kernel-source-2.4.27/2.4.27-11, kernel-source-2.4.27/2.4.27-10sarge1

Done: Simon Horman <horms@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#311164; Package kernel-source-2.4.27. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0757: DoS possibility in xattrs handling on 64 bits archs
Date: Sun, 29 May 2005 15:46:46 +0200
Package: kernel-source-2.4.27
Severity: important
Tags: security

Quoting from http://rhn.redhat.com/errata/RHSA-2005-294.html:
A flaw in offset handling in the xattr file system code backported to
Red Hat Enterprise Linux 3 was fixed. On 64-bit systems, a user who
can access an ext3 extended-attribute-enabled file system could cause
a denial of service (system crash). This issue is rated as having a
moderate security impact (CAN-2005-0757).

I couldn't find further information on whether this is already fixed
in 2.4.27, do you have further information?

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 311164-close@bugs.debian.org (full text, mbox):

From: Simon Horman <horms@debian.org>
To: 311164-close@bugs.debian.org
Subject: Bug#311164: fixed in kernel-source-2.4.27 2.4.27-11
Date: Tue, 16 Aug 2005 22:32:40 -0700
Source: kernel-source-2.4.27
Source-Version: 2.4.27-11

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-11_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-11_all.deb
kernel-patch-debian-2.4.27_2.4.27-11_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-11_all.deb
kernel-source-2.4.27_2.4.27-11.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-11.diff.gz
kernel-source-2.4.27_2.4.27-11.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-11.dsc
kernel-source-2.4.27_2.4.27-11_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-11_all.deb
kernel-tree-2.4.27_2.4.27-11_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-11_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 311164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.4.27 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 16 Aug 2005 14:33:45 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-11
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 311164 319629 320256 323318
Changes: 
 kernel-source-2.4.27 (2.4.27-11) unstable; urgency=low
 .
   [ Simon Horman ]
   * 167_arch-ia64-x86_64_execve.diff:
      Race condition in the ia32 compatibility code for the execve system call
      See CAN-2005-1768. (closes: #319629).
 .
   * 168_fs_ext3_64bit_offset.diff:
     Incorrect offset checks for ext3 xattr on 64 bit architectures
     can lead to a local DoS.
     See CAN-2005-0757. (closes: #311164).
 .
   * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
      [Security, x86_64] Fix canonical checking for segment registers in ptrace
      See CAN-2005-0756
 .
   * Makefile-gcc-3.3.dpatch, control
     Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
     fails to build this source. Upstream has stated that they
     have no intention making the 2.4 kernel compile with gcc-4
     (closes: #320256, #323318)
 .
   * 171_arch-ia64-x86_64-execve-overflow.diff
     [Security, ia64, x86_64] Fix overflow in 32bit execve
     See CAN-2005-1768
 .
   * 172_ppc32-time_offset-misuse.diff
     [ppc32] stop misusing ntps time_offset value
 .
   * 173_tty_ldisc_ref-return-null-check.diff
      tty_ldisc_ref return null check
 .
   * 174_net-ipv4-netfilter-nat-mem.diff
      Fix potential memory corruption in NAT code (aka memory NAT)
 .
   * 175-net-ipv6-netfilter-deadlock.diff
     Fix deadlock in ip6_queue
 .
   * 176_ipsec-array-overflow.diff
     [Security] Fix possible overflow of sock->sk_policy
     See CAN-2005-2456 (See: #321401)
 .
   * 177_rocket_c-fix-ldisc-ref-count.diff
     Fix ldisc ref count handling in rocketport driver
 .
   * 178_fs_ext2_ext3_xattr-sharing.diff
      [Security] Xattr sharing bug
      See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (See: #322237)
 .
   * 181_arch-x86_64-kernel-stack-faults.diff
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * 182_linux-zlib-fixes.diff
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   * zisofs.dpatch
     Check input buffer size in zisofs
     From 2.6.12.5
Files: 
 9281af78c1635c2fc173a1b03dae9a3c 888 devel optional kernel-source-2.4.27_2.4.27-11.dsc
 c4c5568392fd7a8a8363f6c49302c8fb 698860 devel optional kernel-source-2.4.27_2.4.27-11.diff.gz
 44cd21034fa465914b5c6161cbf352f8 649888 devel optional kernel-patch-debian-2.4.27_2.4.27-11_all.deb
 2b298cf33cf3b5207a33ca62f482802b 2377560 doc optional kernel-doc-2.4.27_2.4.27-11_all.deb
 c8f39c90e1aa1a3349f7780e2ac72159 31031688 devel optional kernel-source-2.4.27_2.4.27-11_all.deb
 eddf052c0e395d1091ca6f8d60cb5dd7 24254 devel optional kernel-tree-2.4.27_2.4.27-11_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDAYbQdu+M6Iexz7URAmVpAJ4lFoHl07feQLtY3t/1L66I5NVCIwCeMSsd
2LZoevnCkdhHDXTGcYLMIwg=
=REj2
-----END PGP SIGNATURE-----




Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 311164-close@bugs.debian.org (full text, mbox):

From: Simon Horman <horms@debian.org>
To: 311164-close@bugs.debian.org
Subject: Bug#311164: fixed in kernel-source-2.4.27 2.4.27-10sarge1
Date: Wed, 14 Dec 2005 19:47:14 -0800
Source: kernel-source-2.4.27
Source-Version: 2.4.27-10sarge1

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
kernel-source-2.4.27_2.4.27-10sarge1.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1.dsc
kernel-source-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1_all.deb
kernel-tree-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 311164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.4.27 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 17 Aug 2005 15:45:20 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-10sarge1
Distribution: stable-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 311164 319629 320256 323318
Changes: 
 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high
 .
   [ Simon Horman ]
   * 184_arch-x86_64-ia32-ptrace32-oops.diff
     [Security, x86_64] 32 bit ltrace oops when tracing 64 bit executable
     http://lkml.org/lkml/2005/1/5/245
     http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
 .
   == Patches from  2.4.27-11 ==
 .
   [ Simon Horman ]
   * 167_arch-ia64-x86_64_execve.diff:
      Race condition in the ia32 compatibility code for the execve system call
      See CAN-2005-1768. (closes: #319629).
 .
   * 168_fs_ext3_64bit_offset.diff:
     Incorrect offset checks for ext3 xattr on 64 bit architectures
     can lead to a local DoS.
     See CAN-2005-0757. (closes: #311164).
 .
   * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
      [Security, x86_64] Fix canonical checking for segment registers in ptrace
      See CAN-2005-0756
 .
   # Excluded from Security Update
   # * Makefile-gcc-3.3.dpatch, control
   #  Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
   #  fails to build this source. Upstream has stated that they
   #  have no intention making the 2.4 kernel compile with gcc-4
   #  (closes: #320256, #323318)
 .
   * 171_arch-ia64-x86_64-execve-overflow.diff
     [Security, ia64, x86_64] Fix overflow in 32bit execve
     See CAN-2005-1768
 .
   * 172_ppc32-time_offset-misuse.diff
     [ppc32] stop misusing ntps time_offset value
 .
   # Excluded from Security Update
   # * 173_tty_ldisc_ref-return-null-check.diff
   #   tty_ldisc_ref return null check
 .
   * 174_net-ipv4-netfilter-nat-mem.diff
      [Security] Fix potential memory corruption in NAT code (aka memory NAT)
 .
   # Excluded from Security Update
   # * 175-net-ipv6-netfilter-deadlock.diff
   #   Fix deadlock in ip6_queue
 .
   * 176_ipsec-array-overflow.diff
     [Security] Fix possible overflow of sock->sk_policy
     See CAN-2005-2456 (See: #321401)
 .
   # Excluded from Security Update
   # * 177_rocket_c-fix-ldisc-ref-count.diff
   #   Fix ldisc ref count handling in rocketport driver
 .
   * 178_fs_ext2_ext3_xattr-sharing.diff
      [Security] Xattr sharing bug
      See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (See: #322237)
 .
   * 181_arch-x86_64-kernel-stack-faults.diff
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * 182_linux-zlib-fixes.diff
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   # Excluded from Security Update
   # * zisofs.dpatch
   #   Check input buffer size in zisofs
   #   From 2.6.12.5
Files: 
 9f709ab218f6a0ce6e5886174f74c8cb 900 devel optional kernel-source-2.4.27_2.4.27-10sarge1.dsc
 3b26bc94e734e3e9c7de8851e9e308b7 699494 devel optional kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
 2cfb0a84539c910e596abba17e7d8d48 650880 devel optional kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
 3a2c82fcc546bee30fb522f28193f3e7 3577464 doc optional kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
 857f97955b1c7d145990f28581731fb7 31026166 devel optional kernel-source-2.4.27_2.4.27-10sarge1_all.deb
 c346db9cb71c6e39328d49318a2f2ed4 24418 devel optional kernel-tree-2.4.27_2.4.27-10sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoOUFA8ACPgVBDpcRAqNkAJ0aj0eRUgtH4BqaEDsRSbte488iKwCcDi0Z
ccPuxUN3Emt1BqnY/GFzGpU=
=5XAz
-----END PGP SIGNATURE-----




Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 311164-close@bugs.debian.org (full text, mbox):

From: Simon Horman <horms@debian.org>
To: 311164-close@bugs.debian.org
Subject: Bug#311164: fixed in kernel-source-2.4.27 2.4.27-10sarge1
Date: Fri, 16 Dec 2005 21:30:23 -0800
Source: kernel-source-2.4.27
Source-Version: 2.4.27-10sarge1

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
kernel-source-2.4.27_2.4.27-10sarge1.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1.dsc
kernel-source-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1_all.deb
kernel-tree-2.4.27_2.4.27-10sarge1_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 311164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.4.27 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 17 Aug 2005 15:45:20 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-10sarge1
Distribution: stable-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 311164 319629 320256 323318
Changes: 
 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high
 .
   [ Simon Horman ]
   * 184_arch-x86_64-ia32-ptrace32-oops.diff
     [Security, x86_64] 32 bit ltrace oops when tracing 64 bit executable
     http://lkml.org/lkml/2005/1/5/245
     http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
 .
   == Patches from  2.4.27-11 ==
 .
   [ Simon Horman ]
   * 167_arch-ia64-x86_64_execve.diff:
      Race condition in the ia32 compatibility code for the execve system call
      See CAN-2005-1768. (closes: #319629).
 .
   * 168_fs_ext3_64bit_offset.diff:
     Incorrect offset checks for ext3 xattr on 64 bit architectures
     can lead to a local DoS.
     See CAN-2005-0757. (closes: #311164).
 .
   * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
      [Security, x86_64] Fix canonical checking for segment registers in ptrace
      See CAN-2005-0756
 .
   # Excluded from Security Update
   # * Makefile-gcc-3.3.dpatch, control
   #  Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
   #  fails to build this source. Upstream has stated that they
   #  have no intention making the 2.4 kernel compile with gcc-4
   #  (closes: #320256, #323318)
 .
   * 171_arch-ia64-x86_64-execve-overflow.diff
     [Security, ia64, x86_64] Fix overflow in 32bit execve
     See CAN-2005-1768
 .
   * 172_ppc32-time_offset-misuse.diff
     [ppc32] stop misusing ntps time_offset value
 .
   # Excluded from Security Update
   # * 173_tty_ldisc_ref-return-null-check.diff
   #   tty_ldisc_ref return null check
 .
   * 174_net-ipv4-netfilter-nat-mem.diff
      [Security] Fix potential memory corruption in NAT code (aka memory NAT)
 .
   # Excluded from Security Update
   # * 175-net-ipv6-netfilter-deadlock.diff
   #   Fix deadlock in ip6_queue
 .
   * 176_ipsec-array-overflow.diff
     [Security] Fix possible overflow of sock->sk_policy
     See CAN-2005-2456 (See: #321401)
 .
   # Excluded from Security Update
   # * 177_rocket_c-fix-ldisc-ref-count.diff
   #   Fix ldisc ref count handling in rocketport driver
 .
   * 178_fs_ext2_ext3_xattr-sharing.diff
      [Security] Xattr sharing bug
      See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (See: #322237)
 .
   * 181_arch-x86_64-kernel-stack-faults.diff
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * 182_linux-zlib-fixes.diff
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   # Excluded from Security Update
   # * zisofs.dpatch
   #   Check input buffer size in zisofs
   #   From 2.6.12.5
Files: 
 9f709ab218f6a0ce6e5886174f74c8cb 900 devel optional kernel-source-2.4.27_2.4.27-10sarge1.dsc
 3b26bc94e734e3e9c7de8851e9e308b7 699494 devel optional kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
 2cfb0a84539c910e596abba17e7d8d48 650880 devel optional kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
 3a2c82fcc546bee30fb522f28193f3e7 3577464 doc optional kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
 857f97955b1c7d145990f28581731fb7 31026166 devel optional kernel-source-2.4.27_2.4.27-10sarge1_all.deb
 c346db9cb71c6e39328d49318a2f2ed4 24418 devel optional kernel-tree-2.4.27_2.4.27-10sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoOUFA8ACPgVBDpcRAqNkAJ0aj0eRUgtH4BqaEDsRSbte488iKwCcDi0Z
ccPuxUN3Emt1BqnY/GFzGpU=
=5XAz
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 12:45:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 13:28:37 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.