[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#301799: kernel-tree-2.6.11: new upstream source available: 2.6.11.6

On Mon, Mar 28, 2005 at 10:10:20AM -0300, Henrique de Moraes Holschuh wrote:
> Package: kernel-tree-2.6.11
> Version: 2.6.11-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> As usual.  I feel weird filling what used to be a wishlist-level report as
> grave, but...
> 
> Summary of changes from v2.6.11.5 to v2.6.11.6
> ==============================================
> 
> Chris Wright:
>   o isofs: more defensive checks against corrupt isofs images
>   o Linux 2.6.11.6
> 
> Herbert Xu:
>   o Potential DOS in load_elf_library
> 
> Linus Torvalds:
>   o isofs: Handle corupted rock-ridge info slightly better
>   o isofs: more "corrupted iso image" error cases
> 
> Marcel Holtmann:
>   o Fix signedness problem at socket creation
> 
> Mathieu Lafon:
>   o Suspected information leak (mem pages) in ext2

With the exception of the load_elf_library problem,
which I will check on now, I believe I have patches for
the rest in SVN as neccessary for:

kernel-source-2.6.11:
http://svn.debian.org/wsvn/kernel/trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog?op=file&rev=0&sc=0

kernel-source-2.6.8:
http://svn.debian.org/wsvn/kernel/trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog?op=file&rev=0&sc=0

kernel-source-2.4.27:
http://svn.debian.org/wsvn/kernel/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog?op=file&rev=0&sc=0

If you could take a moment to verify this I would be most appreciative.
I have some recent builds that include these patches at
http://debian.vergenet.net/testing/. Though please note, I have
not taken much care with version numbering of the packages.

-- 
Horms
Reply to: