On Mon, Mar 28, 2005 at 10:10:20AM -0300, Henrique de Moraes Holschuh wrote: > Package: kernel-tree-2.6.11 > Version: 2.6.11-1 > Severity: grave > Tags: security > Justification: user security hole > > As usual. I feel weird filling what used to be a wishlist-level report as > grave, but... > > Summary of changes from v2.6.11.5 to v2.6.11.6 > ============================================== > > Chris Wright: > o isofs: more defensive checks against corrupt isofs images > o Linux 2.6.11.6 > > Herbert Xu: > o Potential DOS in load_elf_library > > Linus Torvalds: > o isofs: Handle corupted rock-ridge info slightly better > o isofs: more "corrupted iso image" error cases > > Marcel Holtmann: > o Fix signedness problem at socket creation > > Mathieu Lafon: > o Suspected information leak (mem pages) in ext2
With the exception of the load_elf_library problem, which I will check on now, I believe I have patches for the rest in SVN as neccessary for: kernel-source-2.6.11: http://svn.debian.org/wsvn/kernel/trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog?op=file&rev=0&sc=0 kernel-source-2.6.8: http://svn.debian.org/wsvn/kernel/trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog?op=file&rev=0&sc=0 kernel-source-2.4.27: http://svn.debian.org/wsvn/kernel/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog?op=file&rev=0&sc=0 If you could take a moment to verify this I would be most appreciative. I have some recent builds that include these patches at http://debian.vergenet.net/testing/. Though please note, I have not taken much care with version numbering of the packages. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
