Debian Bug report logs - #321401
CAN-2005-2456: Array index overflow in xfrm code

version graph

Package: linux-2.6; Maintainer for linux-2.6 is Debian Kernel Team <debian-kernel@lists.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 5 Aug 2005 09:33:05 UTC

Severity: important

Tags: patch, security

Fixed in versions linux-2.6/2.6.12-2, kernel-source-2.6.8/2.6.8-16sarge1

Done: Simon Horman <horms@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#321401; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-2456: Array index overflow in xfrm code
Date: Fri, 05 Aug 2005 11:27:26 +0200
Package: linux-2.6
Severity: important
Tags: security patch

An overflow in sock->sk_policy could possibly be exploited as DoS or
potential execution of arbitrary code. Please see
http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
for details. A fix has been comitted into the git repo, please see
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84

This has been assigned CAN-2005-2456.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#321401; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 321401@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 321401@bugs.debian.org
Subject: Re: Bug#321401: CAN-2005-2456: Array index overflow in xfrm code
Date: Fri, 5 Aug 2005 18:58:12 +0900
On Fri, Aug 05, 2005 at 11:27:26AM +0200, Moritz Muehlenhoff wrote:
> Package: linux-2.6
> Severity: important
> Tags: security patch
> 
> An overflow in sock->sk_policy could possibly be exploited as DoS or
> potential execution of arbitrary code. Please see
> http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
> for details. A fix has been comitted into the git repo, please see
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
> 
> This has been assigned CAN-2005-2456.

Thanks, for Sarge 2.6.8 appears to be vulnerable,
and 2.4.27 does not. I have applied the patch into
SVN for 2.6.8.

-- 
Horms



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#321401; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #15 received at 321401@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 321401@bugs.debian.org
Subject: Re: Bug#321401: CAN-2005-2456: Array index overflow in xfrm code
Date: Tue, 9 Aug 2005 15:03:19 +0900
On Fri, Aug 05, 2005 at 06:58:12PM +0900, Horms wrote:
> On Fri, Aug 05, 2005 at 11:27:26AM +0200, Moritz Muehlenhoff wrote:
> > Package: linux-2.6
> > Severity: important
> > Tags: security patch
> > 
> > An overflow in sock->sk_policy could possibly be exploited as DoS or
> > potential execution of arbitrary code. Please see
> > http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
> > for details. A fix has been comitted into the git repo, please see
> > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
> > 
> > This has been assigned CAN-2005-2456.
> 
> Thanks, for Sarge 2.6.8 appears to be vulnerable,
> and 2.4.27 does not. I have applied the patch into
> SVN for 2.6.8.

Correction, 2.4.27 does seem vulnerable, I am fixing it now.

-- 
Horms



Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 321401-close@bugs.debian.org (full text, mbox):

From: Bastian Blank <waldi@debian.org>
To: 321401-close@bugs.debian.org
Subject: Bug#321401: fixed in linux-2.6 2.6.12-2
Date: Tue, 09 Aug 2005 05:06:08 -0700
Source: linux-2.6
Source-Version: 2.6.12-2

We believe that the bug you reported is fixed in the latest version of
linux-2.6, which is due to be installed in the Debian FTP archive:

kernel-image-2.6-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/kernel-image-2.6-powerpc-smp_2.6.12-2_powerpc.deb
kernel-image-2.6-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/kernel-image-2.6-powerpc_2.6.12-2_powerpc.deb
kernel-image-2.6-s390_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/kernel-image-2.6-s390_2.6.12-2_s390.deb
kernel-image-2.6-s390x_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/kernel-image-2.6-s390x_2.6.12-2_s390.deb
kernel-image-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/kernel-image-powerpc-smp_2.6.12-2_powerpc.deb
kernel-image-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/kernel-image-powerpc_2.6.12-2_powerpc.deb
linux-2.6_2.6.12-2.diff.gz
  to pool/main/l/linux-2.6/linux-2.6_2.6.12-2.diff.gz
linux-2.6_2.6.12-2.dsc
  to pool/main/l/linux-2.6/linux-2.6_2.6.12-2.dsc
linux-doc-2.6.12_2.6.12-2_all.deb
  to pool/main/l/linux-2.6/linux-doc-2.6.12_2.6.12-2_all.deb
linux-headers-2.6-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6-powerpc-smp_2.6.12-2_powerpc.deb
linux-headers-2.6-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6-powerpc_2.6.12-2_powerpc.deb
linux-headers-2.6-s390_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-headers-2.6-s390_2.6.12-2_s390.deb
linux-headers-2.6-s390x_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-headers-2.6-s390x_2.6.12-2_s390.deb
linux-headers-2.6.12-1-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.12-1-powerpc-smp_2.6.12-2_powerpc.deb
linux-headers-2.6.12-1-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.12-1-powerpc_2.6.12-2_powerpc.deb
linux-headers-2.6.12-1-s390_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.12-1-s390_2.6.12-2_s390.deb
linux-headers-2.6.12-1-s390x_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.12-1-s390x_2.6.12-2_s390.deb
linux-headers-2.6.12-1_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.12-1_2.6.12-2_powerpc.deb
linux-headers-2.6.12-1_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.12-1_2.6.12-2_s390.deb
linux-image-2.6-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6-powerpc-smp_2.6.12-2_powerpc.deb
linux-image-2.6-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6-powerpc_2.6.12-2_powerpc.deb
linux-image-2.6-s390_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-image-2.6-s390_2.6.12-2_s390.deb
linux-image-2.6-s390x_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-image-2.6-s390x_2.6.12-2_s390.deb
linux-image-2.6.12-1-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6.12-1-powerpc-smp_2.6.12-2_powerpc.deb
linux-image-2.6.12-1-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6.12-1-powerpc_2.6.12-2_powerpc.deb
linux-image-2.6.12-1-s390_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-image-2.6.12-1-s390_2.6.12-2_s390.deb
linux-image-2.6.12-1-s390x_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-image-2.6.12-1-s390x_2.6.12-2_s390.deb
linux-image-powerpc-smp_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-powerpc-smp_2.6.12-2_powerpc.deb
linux-image-powerpc_2.6.12-2_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-powerpc_2.6.12-2_powerpc.deb
linux-image-s390_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-image-s390_2.6.12-2_s390.deb
linux-image-s390x_2.6.12-2_s390.deb
  to pool/main/l/linux-2.6/linux-image-s390x_2.6.12-2_s390.deb
linux-patch-debian-2.6.12_2.6.12-2_all.deb
  to pool/main/l/linux-2.6/linux-patch-debian-2.6.12_2.6.12-2_all.deb
linux-source-2.6.12_2.6.12-2_all.deb
  to pool/main/l/linux-2.6/linux-source-2.6.12_2.6.12-2_all.deb
linux-tree-2.6.12_2.6.12-2_all.deb
  to pool/main/l/linux-2.6/linux-tree-2.6.12_2.6.12-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 321401@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated linux-2.6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 09 Aug 2005 11:12:40 +0200
Source: linux-2.6
Binary: linux-image-sun3 linux-headers-2.6.12-1-s390x linux-image-2.6-footbridge linux-image-2.6-amd64-generic kernel-image-2.6-686-smp linux-headers-2.6.12-1-amd64-generic linux-headers-2.6-atari kernel-image-2.6-386 linux-headers-2.6-s390 linux-image-2.6.12-1-rpc linux-image-2.6.12-1-mvme147 linux-image-mvme16x linux-image-2.6.12-1-sparc64 linux-headers-2.6.12-1-powerpc-smp linux-image-itanium linux-image-2.6-amd64-k8-smp linux-image-2.6.12-1-mckinley-smp linux-image-2.6-rpc linux-image-2.6-s390 linux-image-q40 linux-headers-2.6.12-1 linux-headers-2.6-sparc64-smp linux-headers-2.6-mvme147 linux-image-2.6.12-1-bvme6000 linux-image-footbridge linux-headers-2.6-686-smp linux-image-atari linux-image-2.6.12-1-mckinley linux-image-2.6-q40 kernel-image-2.6-k7-smp linux-image-2.6.12-1-powerpc linux-headers-2.6.12-1-itanium-smp linux-image-s390 linux-headers-2.6.12-1-s390 linux-headers-2.6.12-1-k7-smp linux-image-2.6-itanium linux-headers-2.6.12-1-amd64-k8-smp linux-image-amd64-k8-smp linux-image-2.6.12-1-itanium linux-headers-2.6.12-1-386 linux-headers-2.6-amd64-generic linux-image-2.6-mckinley-smp linux-image-amiga linux-image-2.6-k7 linux-image-mckinley-smp linux-image-em64t-p4-smp linux-image-2.6-powerpc linux-headers-2.6-s3c2410 linux-image-2.6-hp linux-image-sparc64-smp linux-tree-2.6.12 linux-headers-2.6.12-1-mac linux-headers-2.6.12-1-mckinley-smp linux-image-powerpc-smp linux-headers-2.6-itanium-smp kernel-image-2.6-powerpc kernel-image-2.6-generic linux-headers-2.6-mvme16x linux-image-2.6-alpha-generic linux-headers-2.6-amd64-k8-smp linux-image-2.6-em64t-p4 linux-headers-2.6.12-1-em64t-p4-smp linux-headers-2.6-powerpc linux-image-hp linux-headers-2.6-em64t-p4-smp kernel-image-powerpc-smp linux-headers-2.6-sparc64 linux-image-2.6.12-1-mac linux-headers-2.6-hp linux-headers-2.6.12-1-q40 linux-headers-2.6.12-1-686 linux-headers-2.6.12-1-alpha-smp linux-headers-2.6.12-1-sparc64 linux-headers-2.6.12-1-alpha-generic linux-headers-2.6.12-1-ixp4xx linux-image-2.6.12-1-q40 linux-image-2.6.12-1-em64t-p4 linux-headers-2.6-mac linux-headers-2.6.12-1-mvme16x linux-source-2.6.12 linux-headers-2.6-em64t-p4 linux-headers-2.6-rpc linux-image-2.6-mckinley linux-headers-2.6.12-1-amiga linux-patch-debian-2.6.12 linux-headers-2.6-alpha-generic linux-headers-2.6-bvme6000 kernel-image-2.6-sparc64-smp kernel-image-powerpc linux-headers-2.6-alpha-smp linux-image-bvme6000 linux-image-2.6.12-1-sun3 linux-image-2.6-atari linux-image-s3c2410 linux-headers-2.6-386 linux-image-2.6.12-1-atari linux-headers-2.6-sun3 linux-image-2.6.12-1-386 linux-headers-2.6.12-1-itanium linux-headers-2.6-mckinley-smp linux-image-2.6.12-1-ixp4xx linux-image-k7-smp linux-image-2.6.12-1-alpha-generic linux-doc-2.6.12 linux-image-386 linux-headers-2.6.12-1-sparc64-smp linux-headers-2.6.12-1-sun3 linux-image-mckinley linux-image-2.6-bvme6000 linux-headers-2.6.12-1-k7 linux-image-2.6.12-1-k7-smp linux-image-itanium-smp linux-image-2.6-sparc64-smp linux-headers-2.6-s390x linux-image-2.6.12-1-amiga linux-image-2.6.12-1-powerpc-smp linux-headers-2.6.12-1-footbridge linux-image-2.6-ixp4xx linux-headers-2.6-q40 linux-image-2.6.12-1-s3c2410 linux-headers-2.6.12-1-atari kernel-image-2.6-k7 linux-headers-2.6.12-1-bvme6000 linux-image-2.6.12-1-amd64-k8-smp linux-image-ixp4xx linux-image-rpc linux-image-2.6-mac linux-headers-2.6.12-1-mvme147 linux-image-2.6-s390x kernel-image-2.6-smp linux-image-2.6.12-1-sparc64-smp linux-headers-2.6.12-1-powerpc linux-image-2.6.12-1-686-smp linux-image-alpha-smp linux-image-2.6.12-1-footbridge linux-headers-2.6.12-1-686-smp linux-image-2.6-amd64-k8 linux-headers-2.6-footbridge linux-image-2.6.12-1-686 linux-image-2.6.12-1-mvme16x linux-image-2.6-sparc64 linux-image-amd64-k8 linux-headers-2.6.12-1-mckinley linux-image-2.6.12-1-k7 linux-image-2.6-s3c2410 linux-headers-2.6.12-1-em64t-p4 linux-headers-2.6-k7-smp linux-headers-2.6-mckinley linux-headers-2.6.12-1-rpc linux-image-em64t-p4 linux-image-2.6-686-smp linux-image-2.6.12-1-itanium-smp linux-image-2.6-mvme147 linux-headers-2.6-ixp4xx linux-image-2.6.12-1-amd64-k8 linux-image-mvme147 linux-image-686-smp linux-image-2.6-alpha-smp linux-image-686 linux-image-2.6.12-1-s390x linux-headers-2.6.12-1-s3c2410 linux-headers-2.6-k7 linux-image-k7 linux-image-2.6-powerpc-smp linux-image-alpha-generic linux-image-s390x linux-image-2.6.12-1-alpha-smp linux-headers-2.6-686 linux-image-2.6.12-1-em64t-p4-smp linux-image-2.6-itanium-smp kernel-image-2.6-powerpc-smp linux-image-2.6-amiga linux-image-2.6-mvme16x linux-image-2.6.12-1-amd64-generic linux-headers-2.6.12-1-hp linux-headers-2.6-amiga linux-image-2.6-sun3 kernel-image-2.6-s390x linux-image-powerpc linux-headers-2.6-amd64-k8 linux-image-2.6-386 linux-image-mac kernel-image-2.6-sparc64 linux-image-amd64-generic linux-headers-2.6.12-1-amd64-k8 linux-image-2.6.12-1-hp linux-image-2.6.12-1-s390 linux-image-sparc64 linux-image-2.6-em64t-p4-smp linux-headers-2.6-itanium linux-headers-2.6-powerpc-smp linux-image-2.6-k7-smp linux-image-2.6-686 kernel-image-2.6-s390 kernel-image-2.6-686
Architecture: all powerpc s390 source 
Version: 2.6.12-2
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description: 
 kernel-image-2.6-powerpc - Linux kernel 2.6 image on powerpc-class machines - transition pac
 kernel-image-2.6-powerpc-smp - Linux kernel 2.6 image on powerpc-smp-class machines - transition
 kernel-image-powerpc - Linux kernel image on powerpc-class machines - transition package
 kernel-image-powerpc-smp - Linux kernel image on powerpc-smp-class machines - transition pac
 linux-headers-2.6-powerpc - Architecture-specific header files for Linux kernel 2.6 on powerp
 linux-headers-2.6-powerpc-smp - Architecture-specific header files for Linux kernel 2.6 on powerp
 linux-headers-2.6.12-1 - Common architecture-specific header files for Linux kernel 2.6.12
 linux-headers-2.6.12-1-powerpc - Architecture-specific header files for Linux kernel 2.6.12 on pow
 linux-headers-2.6.12-1-powerpc-smp - Architecture-specific header files for Linux kernel 2.6.12 on pow
 linux-image-2.6-powerpc - Linux kernel 2.6 image on powerpc-class machines
 linux-image-2.6-powerpc-smp - Linux kernel 2.6 image on powerpc-smp-class machines
 linux-image-2.6.12-1-powerpc - Linux kernel 2.6.12 image on powerpc-class machines
 linux-image-2.6.12-1-powerpc-smp - Linux kernel 2.6.12 image on powerpc-smp-class machines
 linux-image-powerpc - Linux kernel image on powerpc-class machines
 linux-image-powerpc-smp - Linux kernel image on powerpc-smp-class machines
Closes: 319646 319657 319896 320422 320817 321401 321625
Changes: 
 linux-2.6 (2.6.12-2) unstable; urgency=low
 .
   * The Kernel Team offers its condolences to the family of Jens Schmalzig
     (jensen@debian), who died Saturday, July 30, 2005 in a tragic accident in
     Munich.  Jens was a member of the Kernel Team, and was instrumental in
     taking the powerpc kernel package to 2.6, as well as maintaining MOL
     and its kernel modules.
 .
   * Add @longclass@ variable to control file autogeneration. (Andres Salomon)
 .
   * Bump build-depends on kernel-package to a fixed version (>= 9.005).
     (Jurij Smakov, Sven Luther) (closes: #319657, #320422, #321625)
 .
   * Change default ramdisk size for sparc to 16,384K to accomodate a fatter
     d-i initrd for netboot installs.
     (Joshua Kwan)
 .
   * Don't build-depend on console-tools on s390. (Bastian Blank)
 .
   * Add ARM support. (Vincent Sanders)
 .
   * Add ia64 descriptions. (dann frazier)
 .
   * Strip down the scripts dir in the headers packages. (Bastian Blank)
 .
   * Add m68k support. (Christian T. Steigies)
 .
   * Added 2.6.12.4 (Frederik Schüler)
     - Fix powernow oops on dual-core athlon
     - Fix early vlan adding leads to not functional device
     - sys_get_thread_area does not clear the returned argument
     - bio_clone fix
     - Fix possible overflow of sock->sk_policy (CAN-2005-2456)
       (closes: #321401)
     - Wait until all references to ip_conntrack_untracked are dropped on
       unload
     - Fix potential memory corruption in NAT code (aka memory NAT)
     - Fix deadlock in ip6_queue
     - Fix signedness issues in net/core/filter.c
     - x86_64 memleak from malicious 32bit elf program
     - rocket.c: Fix ldisc ref count handling
     - kbuild: build TAGS problem with O=
 .
   * Enable CONFIG_6PACK=m for all archs (Andres Salomon)
     (closes: #319646)
 .
   * Overhaul the generation of the control file. Now it is handled
     by debian/bin/gencontrol.py. The debian/control target in rules
     also fails now, since we don't want the control file generated
     during build. Arch-specific Depends and suggests are now generated
     correctly. (Bastian Blank) (Closes: #319896)
 .
   * [powerpc] Fixed typo which made asm-ppc and asm-ppc64 not being included
     in the header package. (Sven Luther) (Closes: #320817)
 .
   * Added list of flavours built to common header package. (Sven Luther)
Files: 
 0ad1a200ce4eb4734e388e249f8d1a2f 5642 base optional linux-image-powerpc_2.6.12-2_powerpc.deb
 150bd730afcff8111d469ce30e2e0d19 5678 devel optional linux-headers-2.6-s390_2.6.12-2_s390.deb
 2516ea613846e61925c4dc32ecf01249 5664 base optional linux-image-2.6-s390x_2.6.12-2_s390.deb
 261059adcd90abcfef7fa7a17c0a1033 14469184 base optional linux-image-2.6.12-1-powerpc_2.6.12-2_powerpc.deb
 28871b61e187ee3771f99f5d88032175 5648 base extra kernel-image-2.6-s390x_2.6.12-2_s390.deb
 30ee370a9b38b64fddce10e4c5a9a3b9 5648 base optional linux-image-s390_2.6.12-2_s390.deb
 348e148165f943f5a1a11c5e9402d0ad 5638 base extra kernel-image-powerpc_2.6.12-2_powerpc.deb
 38c365ae3a59a895d94863bbbf1be941 5654 base extra kernel-image-2.6-powerpc-smp_2.6.12-2_powerpc.deb
 4fb7485d46f12680e45db2f15e5166d4 5648 base optional linux-image-powerpc-smp_2.6.12-2_powerpc.deb
 539c2eea4e0464a13cd710373634a8bc 2791016 devel optional linux-headers-2.6.12-1_2.6.12-2_s390.deb
 577b9464a1fb0efc9118961ebe21b46c 5646 base extra kernel-image-2.6-powerpc_2.6.12-2_powerpc.deb
 59be96cde6190454e618973f2f940468 152370 devel optional linux-patch-debian-2.6.12_2.6.12-2_all.deb
 5b5b622ca697514d57f319f5249dd69e 5650 base extra kernel-image-powerpc-smp_2.6.12-2_powerpc.deb
 6ba6bea3238947e520f6ad71e551f900 14783152 base optional linux-image-2.6.12-1-powerpc-smp_2.6.12-2_powerpc.deb
 762df7bf39265314a23df3fba42eb86c 5662 base optional linux-image-2.6-powerpc-smp_2.6.12-2_powerpc.deb
 77033c243a3629b4b73ee95322a9a1d9 5686 devel optional linux-headers-2.6-s390x_2.6.12-2_s390.deb
 77a9268651cb6f18a3d5c09fbc0a115e 3190992 base optional linux-image-2.6.12-1-s390_2.6.12-2_s390.deb
 7c7665795013d8215593ba641c15566c 3085054 devel optional linux-headers-2.6.12-1_2.6.12-2_powerpc.deb
 889acee4c763dddda86d874257d13b65 271858 devel optional linux-2.6_2.6.12-2.diff.gz
 8ce2dd434335e82b1fc6e0da6c1c6259 5646 base extra kernel-image-2.6-s390_2.6.12-2_s390.deb
 97ae2dfe35012c181f82f4f7a29be56a 5652 base optional linux-image-s390x_2.6.12-2_s390.deb
 97f647f32df48cb47863314dc2f91dcb 6082 devel optional linux-tree-2.6.12_2.6.12-2_all.deb
 a512e6ec7f3d2b8dbe8bd45c244d1e46 5684 devel optional linux-headers-2.6-powerpc-smp_2.6.12-2_powerpc.deb
 aafffbe19b05305788aee2dde7c88dd6 36484616 devel optional linux-source-2.6.12_2.6.12-2_all.deb
 7d567188af5a23608818643144acc4d1 6189 devel optional linux-2.6_2.6.12-2.dsc
 b93757fc13f484b78a31f465e624c72e 277030 devel optional linux-headers-2.6.12-1-powerpc_2.6.12-2_powerpc.deb
 bfbeb584605f8b2463a640ec3d8772fc 5674 devel optional linux-headers-2.6-powerpc_2.6.12-2_powerpc.deb
 c464e9ccef544a642a8c4b2e6bca5c49 3337630 base optional linux-image-2.6.12-1-s390x_2.6.12-2_s390.deb
 cc15ccde04d3a05d818f79d35737456c 143010 devel optional linux-headers-2.6.12-1-s390_2.6.12-2_s390.deb
 cc486c3d70fc2cc04855f1b3e56b2389 5660 base optional linux-image-2.6-s390_2.6.12-2_s390.deb
 d342ae1740c4d74aac88dede5eecb3f5 5654 base optional linux-image-2.6-powerpc_2.6.12-2_powerpc.deb
 d4e61d10170a0d328b84f68b760ad952 277720 devel optional linux-headers-2.6.12-1-powerpc-smp_2.6.12-2_powerpc.deb
 dcba6774825f2a3690bf83e482dc49ea 142930 devel optional linux-headers-2.6.12-1-s390x_2.6.12-2_s390.deb
 fd12af0ffe60d42323657d5eeeae4787 4398708 doc optional linux-doc-2.6.12_2.6.12-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iEYEARECAAYFAkL4k3cACgkQLkAIIn9ODhGMNACg7M5Wz7yfNScHQ/X8WSCNq+HO
2MUAnibIqSrxBblgfh7OpfRslI/fYe4h
=hqsL
-----END PGP SIGNATURE-----




Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #25 received at 321401-close@bugs.debian.org (full text, mbox):

From: Simon Horman <horms@debian.org>
To: 321401-close@bugs.debian.org
Subject: Bug#321401: fixed in kernel-source-2.6.8 2.6.8-16sarge1
Date: Wed, 14 Dec 2005 19:47:25 -0800
Source: kernel-source-2.6.8
Source-Version: 2.6.8-16sarge1

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.8, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
kernel-source-2.6.8_2.6.8-16sarge1.dsc
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.dsc
kernel-source-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1_all.deb
kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 321401@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.6.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 15 Aug 2005 18:51:34 +0900
Source: kernel-source-2.6.8
Binary: kernel-source-2.6.8 kernel-doc-2.6.8 kernel-tree-2.6.8 kernel-patch-debian-2.6.8
Architecture: source all
Version: 2.6.8-16sarge1
Distribution: stable-security
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.6.8 - Linux kernel specific documentation for version 2.6.8
 kernel-patch-debian-2.6.8 - Debian patches to Linux 2.6.8
 kernel-source-2.6.8 - Linux kernel source for version 2.6.8 with Debian patches
 kernel-tree-2.6.8 - Linux kernel source tree for building Debian kernel images
Closes: 309308 311357 317286 321401 322237 322339 323059
Changes: 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 .
   [ Dann Frazier ]
   * mckinley_icache.dpatch:
     [Security] Fix a cache coherency bug unearthed by a new ia64 processor,
     codenamed Montecito.  This bug causes data corruption that has manifested
     itself in kernel hangs and userspace crashes, and causes d-i to fail.
     Reference: http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
     N.B: I have marked this as security as it seems that it would
     be trivial to construct a user-space DoS - Simon Horman.
 .
   [ Simon Horman ]
   # Excluded from security-only release
   # * drivers-net-via-rhine-wol-oops.dpatch (removed):
   #   This patch breaks the via-rhine driver and 2.6.8 and is
   #   completely bogus for this version of the kernel
   #   (closes: #311357)
 .
   * arch-x86_64-kernel-ptrace-boundary-check.dpatch
     [Security, x86_64] Don't allow accesses below register frame in ptrace
     See CAN-2005-1763.
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
     [Security, x86_64] Fix canonical checking for segment registers in ptrace
     See CAN-2005-0756
 .
   * arch-x86_64-kernel-smp-boot-race.dpatch
     [Security, x86_64] Keep interrupts disabled during smp bootup
     This avoids a race that breaks SMP bootup on some machines.
 .
   * arch-x86_64-mm-ioremap-page-lookup.dpatch
     [Security, x86_64] Don't look up struct page pointer of physical address
     in iounmap as it may be in a memory hole not mapped in mem_map and that
     causes the hash lookup to go off to nirvana.
 .
   # Excluded from security-only release
   # * drivers-media-vidio-bttv-vc100xp-detect.dpatch
   #   Allow Leadtek WinFast VC100 XP cards to work.
 .
   * fs-exec-ptrace-core-exec-race.dpatch
     [Security] Fix race between core dumping and exec with shared mm
 .
   * fs-exec-ptrace-deadlock.dpatch
     [Security] Fix coredump_wait deadlock with ptracer & tracee on shared mm
 .
   * fs-exec-posix-timers-leak-1.dpatch,
     [Security] fs-exec-posix-timers-leak-2.dpatch
     Make exec clean up posix timers.
 .
   * fs-hfs-oops-and-leak.dpatch
     [Security] Fix a leak in HFS and HFS+
     Fix an oops that occurs when an attempt is made to
     mount a non-hfs filesystem as HFS+.
     N.B: Marked as security as users may have mount privelages.
 .
   # Excluded from security-only release
   # * fs-jbd-checkpoint-assertion.dpatch
   #   Fix possible false assertion failure in log_do_checkpoint(). We might fail
   #   to detect that we actually made a progress when cleaning up the checkpoint
   #   lists if we don't retry after writing something to disk.
 .
   * mm-mmap-range-test.dpatch
     [Security] Make sure get_unmapped_area sanity tests are done regardless of
     wheater MAP_FIXED is set or not.
     See CAN-2005-1265
 .
   # Excluded from security-only release
   # * mm-rmap-out-of-bounds-pte.dpatch
   #   Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
 .
   * net-bridge-netfilter-etables-smp-race.dpatch
     [Security] The patch below fixes an smp race that happens on such
     systems under heavy load.
 .
   Excluded from security-only release
   * net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
     Fix oops when mangling and brouting and tcpdumping packets
     Needed for net-bridge-forwarding-poison-1.dpatch
 .
   * net-bridge-forwarding-poison-2.dpatch,
     net-bridge-forwarding-poison-2.dpatch:
     [Security] Avoid poisoning of the bridge forwarding table by frames that
     have been dropped by filtering. This prevents spoofed source addresses on
     hostile side of bridge from causing packet leakage, a small but possible
     security risk.
 .
   # Excluded from security-only release
   # * net-ipv4-netfilter-ip_queue-deadlock.dpatch
   #   Fix deadlock with ip_queue and tcp local input path.
 .
   * [Security] net-rose-ndigis-verify.dpatch
     Verify ndigis argument of a new route.
 .
   * sound-usb-usbaudio-unplug-oops.dpatch
     [Security] Prevent oops & dead keyboard on usb unplugging while the device
     is being used.
 .
   * net-ipv4-ipvs-conn_tab-race.dpatch
     [Security] Fix race condition on ip_vs_conn_tab list modification
 .
   # Excluded from security-only release
   # * asm-i386-mem-clobber.dpatch:
   #   Make sure gcc doesn't reorder memory accesses in strncmp and friends on
   #   i386.
 .
   # Excluded from security-only release
   # * drivers-acpi-pci_irq-elcr.dpatch:
   #   Make sure we call acpi_register_gsi() even for default PCI interrupt
   #   assignment. That's the part that keeps track of the ELCR register, and we
   #   want to make sure that the PCI interrupts are properly marked level/low.
 .
   * asm-i386-mem-clobber.dpatch:
     Make sure netlink_autobind() propagates the error return from
     netlink_insert().  Otherwise, callers will not see the error as they
     should and thus try to operate on a socket with a zero pid, which is very
     bad.
 .
   * fs-ext3-64bit-offset.dpatch
     [Security] Incorrect offset checks for ext3 xattr on 64 bit architectures
     an lead to a local DoS.
     See CAN-2005-0757. (see: #311164).
 .
   * arch-x86_64-mm-mmap.dpatch
     [Security, x86_64] Compat mode program can hang kernel
     See CAN-2005-1765.
 .
   * arch-ia64-ptrace-getregs-putregs.dpatch
     [Security, ia64] Fix unchecked user-memory accesses in ptrage_getregs()
     and ptrace_setregs.
 .
   * arch-ia64-ptrace-restore_sigcontext.dpatch
     [Security, ia64] Fix to prevent users from using ptrace to set the pl field
     of the ar.rsc reginster to any value, leading to the
     ability to overwrite kernel memory.
     Note, this patch requires the arch-ia64-ptrace-getregs-putregs.dpatch
     patch to apply cleanly.
     See CAN-2005-1761.
 .
   # Excluded from security-only release
   # * Makefile-gcc-3.3.dpatch, control
   #   Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
   #   fails to build this source. As this tree is primarily
   #   intended for use with sarge, there seems little point
   #   in putting in gcc-4.0 fixes, but at the same time,
   #   there is some value in being able to use it with unstable.
   #   (Closes: #323059)
 .
   [ dann frazier ]
   * Merge in applicable fixes from 2.6.12.3
      - [Security] ppc32-time_offset-misuse.dpatch
      # Excluded from security-only release - v4l-cx88-hue-offset-fix.dpatch
      # Excluded from security-only release - tty_ldisc_ref-return-null-check.dpatch
 .
   * Merge in applicable fixes from 2.6.12.4
      - [Security] netfilter-NAT-memory-corruption.dpatch
      # Excluded from security-only release - netfilter-deadlock-ip6_queue.dpatch
      - [Security] ipsec-array-overflow.dpatch See CAN-2005-2456
        (See: #321401) (Closes: #321401)
      - [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
      - [Security] sys_get_thread_area-leak.dpatch
      # Excluded from security-only release - rocket_c-fix-ldisc-ref-count.dpatch
      # Excluded from security-only release - early-vlan-fix.dpatch
 .
   [ Simon Horman ]
   * fs_ext2_ext3_xattr-sharing.dpatch
     [Security] Xattr sharing bug
     See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * vlan-mii-ioctl.dpatch
     [Security] MII ioctl pass through was passing the wrong device.
     See http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
     See CAN-2005-2548 (Closes: #309308)
 .
   * fs-sysfs-read-write-race.dpatch
     [Security] Fix race in sysfs_read_file() and sysfs_write_file()
     that can lead to a user-space DoS.
     See CAN-2004-2302 (Closes: #322339)
 .
   * net-ipv4-netfilter-ip_recent-last_pkts.dpatch
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (Closes: #322237)
 .
   # Excluded from security-only release
   # * drivers-sata-promise-sataii_tx2_tx4.dpatch
   #   Add SATAII TX2 and TX2/TX4 support to sata promise driver
   #   (Closes: #317286)
 .
   [ Frederik Schüler ]
   * arch-x86_64-mm-ioremap-page-lookup-fix.dpatch
     Add build fix for arch-x86_64-mm-ioremap-page-lookup.dpatch
 .
   [ Simon Horman ]
   * arch-x86_64-kernel-stack-faults.dpatch
     arch-x86_64-nmi.dpatch
     arch-x86_64-private-tss.dpatch
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * linux-zlib-fixes.dpatch
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   # Excluded from security-only release
   # * zisofs.dpatch
   #   Check input buffer size in zisofs
   #   From 2.6.12.5
 .
   # Excluded from security-only release
   # * module-per-cpu-alignment-fix.dpatch
   #   Module per-cpu alignment cannot always be met
   #  From 2.6.12.5
Files: 
 37a61dc966c032d1529e2c2a524c9cfa 1001 devel optional kernel-source-2.6.8_2.6.8-16sarge1.dsc
 cd72f4d2eb2309a2d77d2ec7a3471c7c 961237 devel optional kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
 309f32838373e76c9b61be0e6c191252 1007230 devel optional kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
 65dca34768d7aa10074845d9b2f20431 34934446 devel optional kernel-source-2.6.8_2.6.8-16sarge1_all.deb
 5b04fd03ede3ae235a03624dc53e2026 32120 devel optional kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
 b7388d2256a4396d2da938a687b3ab9b 6179472 doc optional kernel-doc-2.6.8_2.6.8-16sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoOUqA8ACPgVBDpcRAswmAKCuyLvQggukJ2gYUkzc/zwzx8/jLwCgnuwK
tCrTzKYPUDtdLwcJpcDYHjg=
=cfl6
-----END PGP SIGNATURE-----




Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #30 received at 321401-close@bugs.debian.org (full text, mbox):

From: Simon Horman <horms@debian.org>
To: 321401-close@bugs.debian.org
Subject: Bug#321401: fixed in kernel-source-2.6.8 2.6.8-16sarge1
Date: Fri, 16 Dec 2005 21:30:24 -0800
Source: kernel-source-2.6.8
Source-Version: 2.6.8-16sarge1

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.8, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
kernel-source-2.6.8_2.6.8-16sarge1.dsc
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.dsc
kernel-source-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1_all.deb
kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 321401@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.6.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 15 Aug 2005 18:51:34 +0900
Source: kernel-source-2.6.8
Binary: kernel-source-2.6.8 kernel-doc-2.6.8 kernel-tree-2.6.8 kernel-patch-debian-2.6.8
Architecture: source all
Version: 2.6.8-16sarge1
Distribution: stable-security
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.6.8 - Linux kernel specific documentation for version 2.6.8
 kernel-patch-debian-2.6.8 - Debian patches to Linux 2.6.8
 kernel-source-2.6.8 - Linux kernel source for version 2.6.8 with Debian patches
 kernel-tree-2.6.8 - Linux kernel source tree for building Debian kernel images
Closes: 309308 311357 317286 321401 322237 322339 323059
Changes: 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 .
   [ Dann Frazier ]
   * mckinley_icache.dpatch:
     [Security] Fix a cache coherency bug unearthed by a new ia64 processor,
     codenamed Montecito.  This bug causes data corruption that has manifested
     itself in kernel hangs and userspace crashes, and causes d-i to fail.
     Reference: http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
     N.B: I have marked this as security as it seems that it would
     be trivial to construct a user-space DoS - Simon Horman.
 .
   [ Simon Horman ]
   # Excluded from security-only release
   # * drivers-net-via-rhine-wol-oops.dpatch (removed):
   #   This patch breaks the via-rhine driver and 2.6.8 and is
   #   completely bogus for this version of the kernel
   #   (closes: #311357)
 .
   * arch-x86_64-kernel-ptrace-boundary-check.dpatch
     [Security, x86_64] Don't allow accesses below register frame in ptrace
     See CAN-2005-1763.
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
     [Security, x86_64] Fix canonical checking for segment registers in ptrace
     See CAN-2005-0756
 .
   * arch-x86_64-kernel-smp-boot-race.dpatch
     [Security, x86_64] Keep interrupts disabled during smp bootup
     This avoids a race that breaks SMP bootup on some machines.
 .
   * arch-x86_64-mm-ioremap-page-lookup.dpatch
     [Security, x86_64] Don't look up struct page pointer of physical address
     in iounmap as it may be in a memory hole not mapped in mem_map and that
     causes the hash lookup to go off to nirvana.
 .
   # Excluded from security-only release
   # * drivers-media-vidio-bttv-vc100xp-detect.dpatch
   #   Allow Leadtek WinFast VC100 XP cards to work.
 .
   * fs-exec-ptrace-core-exec-race.dpatch
     [Security] Fix race between core dumping and exec with shared mm
 .
   * fs-exec-ptrace-deadlock.dpatch
     [Security] Fix coredump_wait deadlock with ptracer & tracee on shared mm
 .
   * fs-exec-posix-timers-leak-1.dpatch,
     [Security] fs-exec-posix-timers-leak-2.dpatch
     Make exec clean up posix timers.
 .
   * fs-hfs-oops-and-leak.dpatch
     [Security] Fix a leak in HFS and HFS+
     Fix an oops that occurs when an attempt is made to
     mount a non-hfs filesystem as HFS+.
     N.B: Marked as security as users may have mount privelages.
 .
   # Excluded from security-only release
   # * fs-jbd-checkpoint-assertion.dpatch
   #   Fix possible false assertion failure in log_do_checkpoint(). We might fail
   #   to detect that we actually made a progress when cleaning up the checkpoint
   #   lists if we don't retry after writing something to disk.
 .
   * mm-mmap-range-test.dpatch
     [Security] Make sure get_unmapped_area sanity tests are done regardless of
     wheater MAP_FIXED is set or not.
     See CAN-2005-1265
 .
   # Excluded from security-only release
   # * mm-rmap-out-of-bounds-pte.dpatch
   #   Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
 .
   * net-bridge-netfilter-etables-smp-race.dpatch
     [Security] The patch below fixes an smp race that happens on such
     systems under heavy load.
 .
   Excluded from security-only release
   * net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
     Fix oops when mangling and brouting and tcpdumping packets
     Needed for net-bridge-forwarding-poison-1.dpatch
 .
   * net-bridge-forwarding-poison-2.dpatch,
     net-bridge-forwarding-poison-2.dpatch:
     [Security] Avoid poisoning of the bridge forwarding table by frames that
     have been dropped by filtering. This prevents spoofed source addresses on
     hostile side of bridge from causing packet leakage, a small but possible
     security risk.
 .
   # Excluded from security-only release
   # * net-ipv4-netfilter-ip_queue-deadlock.dpatch
   #   Fix deadlock with ip_queue and tcp local input path.
 .
   * [Security] net-rose-ndigis-verify.dpatch
     Verify ndigis argument of a new route.
 .
   * sound-usb-usbaudio-unplug-oops.dpatch
     [Security] Prevent oops & dead keyboard on usb unplugging while the device
     is being used.
 .
   * net-ipv4-ipvs-conn_tab-race.dpatch
     [Security] Fix race condition on ip_vs_conn_tab list modification
 .
   # Excluded from security-only release
   # * asm-i386-mem-clobber.dpatch:
   #   Make sure gcc doesn't reorder memory accesses in strncmp and friends on
   #   i386.
 .
   # Excluded from security-only release
   # * drivers-acpi-pci_irq-elcr.dpatch:
   #   Make sure we call acpi_register_gsi() even for default PCI interrupt
   #   assignment. That's the part that keeps track of the ELCR register, and we
   #   want to make sure that the PCI interrupts are properly marked level/low.
 .
   * asm-i386-mem-clobber.dpatch:
     Make sure netlink_autobind() propagates the error return from
     netlink_insert().  Otherwise, callers will not see the error as they
     should and thus try to operate on a socket with a zero pid, which is very
     bad.
 .
   * fs-ext3-64bit-offset.dpatch
     [Security] Incorrect offset checks for ext3 xattr on 64 bit architectures
     an lead to a local DoS.
     See CAN-2005-0757. (see: #311164).
 .
   * arch-x86_64-mm-mmap.dpatch
     [Security, x86_64] Compat mode program can hang kernel
     See CAN-2005-1765.
 .
   * arch-ia64-ptrace-getregs-putregs.dpatch
     [Security, ia64] Fix unchecked user-memory accesses in ptrage_getregs()
     and ptrace_setregs.
 .
   * arch-ia64-ptrace-restore_sigcontext.dpatch
     [Security, ia64] Fix to prevent users from using ptrace to set the pl field
     of the ar.rsc reginster to any value, leading to the
     ability to overwrite kernel memory.
     Note, this patch requires the arch-ia64-ptrace-getregs-putregs.dpatch
     patch to apply cleanly.
     See CAN-2005-1761.
 .
   # Excluded from security-only release
   # * Makefile-gcc-3.3.dpatch, control
   #   Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
   #   fails to build this source. As this tree is primarily
   #   intended for use with sarge, there seems little point
   #   in putting in gcc-4.0 fixes, but at the same time,
   #   there is some value in being able to use it with unstable.
   #   (Closes: #323059)
 .
   [ dann frazier ]
   * Merge in applicable fixes from 2.6.12.3
      - [Security] ppc32-time_offset-misuse.dpatch
      # Excluded from security-only release - v4l-cx88-hue-offset-fix.dpatch
      # Excluded from security-only release - tty_ldisc_ref-return-null-check.dpatch
 .
   * Merge in applicable fixes from 2.6.12.4
      - [Security] netfilter-NAT-memory-corruption.dpatch
      # Excluded from security-only release - netfilter-deadlock-ip6_queue.dpatch
      - [Security] ipsec-array-overflow.dpatch See CAN-2005-2456
        (See: #321401) (Closes: #321401)
      - [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
      - [Security] sys_get_thread_area-leak.dpatch
      # Excluded from security-only release - rocket_c-fix-ldisc-ref-count.dpatch
      # Excluded from security-only release - early-vlan-fix.dpatch
 .
   [ Simon Horman ]
   * fs_ext2_ext3_xattr-sharing.dpatch
     [Security] Xattr sharing bug
     See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * vlan-mii-ioctl.dpatch
     [Security] MII ioctl pass through was passing the wrong device.
     See http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
     See CAN-2005-2548 (Closes: #309308)
 .
   * fs-sysfs-read-write-race.dpatch
     [Security] Fix race in sysfs_read_file() and sysfs_write_file()
     that can lead to a user-space DoS.
     See CAN-2004-2302 (Closes: #322339)
 .
   * net-ipv4-netfilter-ip_recent-last_pkts.dpatch
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (Closes: #322237)
 .
   # Excluded from security-only release
   # * drivers-sata-promise-sataii_tx2_tx4.dpatch
   #   Add SATAII TX2 and TX2/TX4 support to sata promise driver
   #   (Closes: #317286)
 .
   [ Frederik Schüler ]
   * arch-x86_64-mm-ioremap-page-lookup-fix.dpatch
     Add build fix for arch-x86_64-mm-ioremap-page-lookup.dpatch
 .
   [ Simon Horman ]
   * arch-x86_64-kernel-stack-faults.dpatch
     arch-x86_64-nmi.dpatch
     arch-x86_64-private-tss.dpatch
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * linux-zlib-fixes.dpatch
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   # Excluded from security-only release
   # * zisofs.dpatch
   #   Check input buffer size in zisofs
   #   From 2.6.12.5
 .
   # Excluded from security-only release
   # * module-per-cpu-alignment-fix.dpatch
   #   Module per-cpu alignment cannot always be met
   #  From 2.6.12.5
Files: 
 37a61dc966c032d1529e2c2a524c9cfa 1001 devel optional kernel-source-2.6.8_2.6.8-16sarge1.dsc
 cd72f4d2eb2309a2d77d2ec7a3471c7c 961237 devel optional kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
 309f32838373e76c9b61be0e6c191252 1007230 devel optional kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
 65dca34768d7aa10074845d9b2f20431 34934446 devel optional kernel-source-2.6.8_2.6.8-16sarge1_all.deb
 5b04fd03ede3ae235a03624dc53e2026 32120 devel optional kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
 b7388d2256a4396d2da938a687b3ab9b 6179472 doc optional kernel-doc-2.6.8_2.6.8-16sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoOUqA8ACPgVBDpcRAswmAKCuyLvQggukJ2gYUkzc/zwzx8/jLwCgnuwK
tCrTzKYPUDtdLwcJpcDYHjg=
=cfl6
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 08:15:45 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 22:16:20 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.