Bug#301799: kernel-tree-2.6.11: new upstream source available: 2.6.11.6
On Mon, Mar 28, 2005 at 10:10:20AM -0300, Henrique de Moraes Holschuh wrote:
> Package: kernel-tree-2.6.11
> Version: 2.6.11-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> As usual. I feel weird filling what used to be a wishlist-level report as
> grave, but...
>
> Summary of changes from v2.6.11.5 to v2.6.11.6
> ==============================================
>
> Chris Wright:
> o isofs: more defensive checks against corrupt isofs images
> o Linux 2.6.11.6
>
> Herbert Xu:
> o Potential DOS in load_elf_library
>
> Linus Torvalds:
> o isofs: Handle corupted rock-ridge info slightly better
> o isofs: more "corrupted iso image" error cases
>
> Marcel Holtmann:
> o Fix signedness problem at socket creation
>
> Mathieu Lafon:
> o Suspected information leak (mem pages) in ext2
With the exception of the load_elf_library problem,
which I will check on now, I believe I have patches for
the rest in SVN as neccessary for:
kernel-source-2.6.11:
http://svn.debian.org/wsvn/kernel/trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog?op=file&rev=0&sc=0
kernel-source-2.6.8:
http://svn.debian.org/wsvn/kernel/trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog?op=file&rev=0&sc=0
kernel-source-2.4.27:
http://svn.debian.org/wsvn/kernel/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog?op=file&rev=0&sc=0
If you could take a moment to verify this I would be most appreciative.
I have some recent builds that include these patches at
http://debian.vergenet.net/testing/. Though please note, I have
not taken much care with version numbering of the packages.
--
Horms
Reply to: