Re: drafting a DSA for 2.6.8
On Fri, 2005-10-07 at 09:49 -0400, micah wrote:
> Hey,
>
> Horms wrote:
> > On Fri, Oct 07, 2005 at 12:21:38AM -0600, dann frazier wrote:
> >
> >>In order to hopefully help kickstart the security update process, I've
> >>drafted some DSA text for our sarge/2.6.8 kernels (attached). Thanks to
> >>Micah, we have CAN IDs assigned for a number of things we just had
> >>marked as security. I tried to map all of the patches to CANs, but
>
> I have approximately 11 more of these pending, I just need help drafting
> the text and finding reference URIs, ping me on IRC if you are available
> to help.
I'm up for helping, but might not have much time till next week. I'm
travelling to the east coast for work, but should have net there. I see
dilinger was setting you up w/ commit access - do you wanna use a file
there to coordinate?
> >>these are the ones remaining. Does anyone know if there is a CAN ID for
> >>any of the following?
> >>
> >>arch-ia64-ptrace-getregs-putregs.dpatch
> Need description and URI for CVE
I looked into this one. This actually isn't a security patch, but this
bug fix is a pre-req for the fix to CAN-2005-1761.
> >>net-bridge-mangle-oops-1.dpatch
> >>net-bridge-mangle-oops-2.dpatch
> According to the 2.6.8-16sarge1 changelog:
> Excluded from security-only release
> * net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
> Fix oops when mangling and brouting and tcpdumping packets
> Needed for net-bridge-forwarding-poison-1.dpatch
> This meant to me that this is not a security patch and I was not
> tracking this, has this changed?
These patches are still listed in the 2.6.8-16sarge1 series file.
> >>net-bridge-netfilter-etables-smp-race.dpatch
> >
> >
> > CAN-2005-3110 ?
> Yes, CAN-2005-3110 fixed in 2.6.8-16sarge1
Thanks!
> Others that we need CVEs for:
> dannf: CONFIG_PREEMPT on ia64
Let me know how you want me to proceed with this one; should I file a
bug so that we have a reference?
Reply to: