linux-2.6 records

[maximilian attems <max@stro.at>]

hi,

pheew the linux-2.6 open records are quite huge,
didn't finalize the first review.
in order not to get new vulnerabilities with etch+1/2,
if 2.6.23 would be chosen.

please mark the releavant entry as done.
always added corresponding linux-2.6 commit,
fixed upstream tarball and the debian revision.


CVE-2006-5753
be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8 v2.6.20-rc4
2.6.20-1

CVE-2006-6333
ee28b0da1069ced1688aa9d0b7b378353b988321 v2.6.20-rc2
2.6.20-1

CVE-2007-1353
0878b6667f28772aa7d6b735abff53efc7bf6d91 v2.6.22-rc1
2.6.22-1

CVE-2007-1496
dd16704eba171b32ef0cded3a4f562b33b911066 v2.6.21-rc3
2.6.21-1

CVE-2007-1730
39ebc0276bada8bb70e067cb6d0eb71839c0fb08 v2.6.21-rc6
2.6.21-1

CVE-2007-2480
de34ed91c4ffa4727964a832c46e624dd1495cf5 v2.6.22-rc1
2.6.22-1

CVE-2007-3739
68589bc353037f233fe510ad9ff432338c95db66 v2.6.19-rc6
2.6.20-1 (there was never a .19 in unstable)

CVE-2007-4997
04045f98e0457aba7d4e6736f37eed189c48a5f7 v2.6.23
2.6.23-1

CVE-2007-5500
a3474224e6a01924be40a8255636ea5522c1023a v2.6.24-rc3
2.6.23-2 (not yet uploaded fixed in repo)

CVE-2007-6063
eafe1aa37e6ec2d56f14732b5240c4dd09f0613a v2.6.24-rc4
2.6.23-2 (not yet uploaded fixed in repo)


currently unfixed, pushed them up to stable:
CVE-2007-5904
133672efbc1085f9af990bdc145e1822ea93bcf3 v2.6.24-rc4

CVE-2007-6206
c46f739dd39db3b07ab5deb4e3ec81e1c04a91af v2.6.24-rc4

CVE-2007-3719
most likely
638e13ac37a1a89473415f407cbffc1688a20fe2 v2.6.24-rc1


not a stable canditate as code upstream merged 2.6.24,
will backport fix:
CVE-2007-5938
c4ba9621f4f241f8c4d4f620ad4257af59d21f3e v2.6.24-rc4

-- 
maks