Re: Linux kernel vulnerabilities in unstable

To: debian-security-tracker@lists.debian.org
Subject: Re: Linux kernel vulnerabilities in unstable
From: Francesco Poli <frx@firenze.linux.it>
Date: Sun, 5 Jul 2009 20:35:52 +0200
Message-id: <[🔎] 20090705203552.916cf781.frx@firenze.linux.it>
In-reply-to: <[🔎] 20090705192303.e2c8ce9b.frx@firenze.linux.it>
References: <20090601175439.c68332fa.frx@firenze.linux.it> <20090610202239.9c146aba.frx@firenze.linux.it> <20090610164038.5ad21105.michael.s.gilbert@gmail.com> <20090614232545.267cdf41.frx@firenze.linux.it> <8e2a98be0906191036x32b8bf28vdce8b4a2c1070ea8@mail.gmail.com> <20090619201718.f1873870.frx@firenze.linux.it> <20090619143152.50c5f20e.michael.s.gilbert@gmail.com> <20090620003528.d8498909.frx@firenze.linux.it> <20090621214425.3fb6b211.michael.s.gilbert@gmail.com> <20090628184817.7af4c7db.frx@firenze.linux.it> <8e2a98be0906291057g277700fdi67f4a46218b97baa@mail.gmail.com> <20090629201459.db92c4cd.frx@firenze.linux.it> <20090629143910.9ff76f9d.michael.s.gilbert@gmail.com> <20090630011244.1350bb13.frx@firenze.linux.it> <[🔎] 20090702124045.f8247b84.michael.s.gilbert@gmail.com> <[🔎] 20090704173308.ea286d6e.frx@firenze.linux.it> <[🔎] 20090704201604.bb366efd.michael.s.gilbert@gmail.com> <[🔎] 20090705192303.e2c8ce9b.frx@firenze.linux.it>

On Sun, 5 Jul 2009 19:23:03 +0200 Francesco Poli wrote:

[...]
> Here are my findings: I need help from people more knowledgeable than
> me on a pair of CVEs...
[...]

Here are some more findings on other vulnerabilities: again, I need
help on some of them.

http://security-tracker.debian.net/tracker/CVE-2007-6514
commit ???
applied to upstream version ???
see ???
fix present in upstream version 2.6.30: I don't know
   help!  the CVE mitre page does not link to any fix, it seems

http://security-tracker.debian.net/tracker/CVE-2008-6107
commit 94d149c34cda933ff5096aca94bb23bf68602f4e
applied to upstream version 2.6.26
see http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26
fix present in upstream version 2.6.26: yes
fix present in upstream version 2.6.30: it seems to be present

http://security-tracker.debian.net/tracker/CVE-2009-0029
commit ???
applied to upstream version ???
see ???
fix present in upstream version 2.6.30: I don't know
  help!  the CVE mitre page links to this lkml message from Linus
  Torvalds, who seems to discuss about some aspect, but where's
  the fix?
  http://marc.info/?l=linux-kernel&m=123155111608910&w=2

http://security-tracker.debian.net/tracker/CVE-2009-1914
commit 192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c
applied to upstream version 2.6.29
see http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29
fix present in upstream version 2.6.30: yes

http://security-tracker.debian.net/tracker/CVE-2009-1961
commit 7bfac9ecf0585962fe13584f5cf526d8c8e76f17
applied to upstream version 2.6.30
see http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
fix present in upstream version 2.6.30: yes

http://security-tracker.debian.net/tracker/CVE-2009-2287
commit 59839dfff5eabca01cc4e20b45797a60a80af8cb
applied to upstream version [none yet]
see [no changelog]
fix present in upstream version 2.6.30: no

-- 
 New location for my website! Update your bookmarks!
 http://www.inventati.org/frx
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpVMYct6f_zR.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Linux kernel vulnerabilities in unstable
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: Linux kernel vulnerabilities in unstable
  - From: Michael S Gilbert <michael.s.gilbert@gmail.com>

References:
- Re: stable vs. testing: same versions, different status
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
- Re: stable vs. testing: same versions, different status
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: stable vs. testing: same versions, different status
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
- Linux kernel vulnerabilities in unstable [was: Re: stable vs. testing: same versions, different status]
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Linux kernel vulnerabilities in unstable [was: Re: stable vs. testing: same versions, different status]
Next by Date: chat messages encryption
Previous by thread: Linux kernel vulnerabilities in unstable [was: Re: stable vs. testing: same versions, different status]
Next by thread: Re: Linux kernel vulnerabilities in unstable
Index(es):
- Date
- Thread