On Sun, 5 Jul 2009 19:23:03 +0200 Francesco Poli wrote: [...] > Here are my findings: I need help from people more knowledgeable than > me on a pair of CVEs... [...] Here are some more findings on other vulnerabilities: again, I need help on some of them. http://security-tracker.debian.net/tracker/CVE-2007-6514 commit ??? applied to upstream version ??? see ??? fix present in upstream version 2.6.30: I don't know help! the CVE mitre page does not link to any fix, it seems http://security-tracker.debian.net/tracker/CVE-2008-6107 commit 94d149c34cda933ff5096aca94bb23bf68602f4e applied to upstream version 2.6.26 see http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26 fix present in upstream version 2.6.26: yes fix present in upstream version 2.6.30: it seems to be present http://security-tracker.debian.net/tracker/CVE-2009-0029 commit ??? applied to upstream version ??? see ??? fix present in upstream version 2.6.30: I don't know help! the CVE mitre page links to this lkml message from Linus Torvalds, who seems to discuss about some aspect, but where's the fix? http://marc.info/?l=linux-kernel&m=123155111608910&w=2 http://security-tracker.debian.net/tracker/CVE-2009-1914 commit 192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c applied to upstream version 2.6.29 see http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29 fix present in upstream version 2.6.30: yes http://security-tracker.debian.net/tracker/CVE-2009-1961 commit 7bfac9ecf0585962fe13584f5cf526d8c8e76f17 applied to upstream version 2.6.30 see http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 fix present in upstream version 2.6.30: yes http://security-tracker.debian.net/tracker/CVE-2009-2287 commit 59839dfff5eabca01cc4e20b45797a60a80af8cb applied to upstream version [none yet] see [no changelog] fix present in upstream version 2.6.30: no -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpVMYct6f_zR.pgp
Description: PGP signature