Re: Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)

To: dann frazier <dannf@debian.org>
Cc: debian-user@lists.debian.org, debian-security@lists.debian.org
Subject: Re: Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 17 Feb 2011 23:45:02 -0200
Message-id: <[🔎] 20110218014502.GB991@khazad-dum.debian.net>
In-reply-to: <[🔎] 20110217231542.GA27415@dannf.org>
References: <[🔎] 223175.89618.qm@web121518.mail.ne1.yahoo.com> <[🔎] ijg34a$u93$1@dough.gmane.org> <[🔎] 4D5B98B0.7080607@plouf.fr.eu.org> <[🔎] 20110216095916.GC15611@khazad-dum.debian.net> <[🔎] 20110217231542.GA27415@dannf.org>

On Thu, 17 Feb 2011, dann frazier wrote:
> > http://security-tracker.debian.org/tracker/CVE-2010-2943
> > It is supposed to be vulnerable.
> 
> I've backported a fix for this, but it was too late to make the
> initial release of squeeze. The fix is queued for the first update to
> squeeze, see:
>   http://svn.debian.org/wsvn/kernel-sec/active/CVE-2010-2943
> 
> > Upstream is sitting on backports of this one for some reason, because it is
> > not on any stable or longterm kernel as far as I can see.
> 
> I forwarded our backport to stable, and it has been tentatively
> accepted for the 2.6.32-longterm tree.

Thank you!

> yes, but note that backport introduced a regression:
>   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/692848

Which you took care of.  Again, thank you very much.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- How up-to-date is Debian's stable release kept to fix published kernel security vulnerabilities?
  - From: Kelly Dean <kellydeanch@yahoo.com>
- Re: How up-to-date is Debian's stable release kept to fix published kernel security vulnerabilities?
  - From: Johan Grönqvist <johan.gronqvist@gmail.com>
- Re: How up-to-date is Debian's stable release kept to fix published kernel security vulnerabilities?
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
- Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)
  - From: dann frazier <dannf@debian.org>

Prev by Date: Re: Console resolution
Next by Date: Re: Mdadm device reassignment
Previous by thread: Re: Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)
Next by thread: Re: How up-to-date is Debian's stable release kept to fix published kernel security vulnerabilities?
Index(es):
- Date
- Thread