On Thu, Jul 07, 2005 at 03:14:02PM -0600, dann frazier wrote: > On Wed, 2005-06-29 at 16:09 +0900, Horms wrote: > > On Wed, Jun 29, 2005 at 11:14:20AM +0900, Horms wrote: > > > On Tue, Jun 28, 2005 at 10:36:15PM +0200, Frederik Schueler wrote: > > > > Hello, > > > > > > > > I would like to start preparing a seurity update for kernel-source-2.6.8 > > > > in sarge, wich released with version 2.6.8-16. > > > > > > > > In sarge-security we have an old 2.6.15sarge1 wich never got released. > > > > > > > > Does anyone object if I update those sources to the revision in sarge, > > > > and we start building 2.6.8-16sarge1 from it? > > > > > > > > I already got some patches from the ubuntu 2.6.8 kernel package > > > > addressing > > > > the following 5 issues: > > > > > > > > CAN-2005-0756 > > > > CAN-2005-1265 > > > > CAN-2005-1762 > > > > CAN-2005-1763 > > > > CAN-2005-1765 > > > > > > > > and these 3 still need to be addressed: > > > > > > > > CAN-2005-1764 > > > > CAN-2005-0449 #295949 > > > > CAN-2005-0356 #310804 > > > > > > > > > > > > if nobody objects, I would like to commit my changes. > > > > Dann, could you comment on the need for backporting the patch below > > form 2.6.12.1. It does not apply cleanly to 2.6.8 as there > > seem to have been a bunch of other patches in the mean time. > > hey Horms, > This patch appears to be relevant for 2.6.8. It depends on two > earlier patches; one of which fixes what looks like another security > issue to me - kernel is accessing unchecked addresses provided by > userspace[1]. > > I've backported the fix for CAN-2005-1764 to our 2.6.8 with [1] > applied (attached). I'd recommend applying both of these patches to our > tree. Any objections? > > [1] http://linux.bkbits.net:8080/linux-2.6/[EMAIL > PROTECTED]|src/|src/arch|src/arch/ia64|src/arch/ia64/kernel|related/arch/ia64/kernel/ptrace.c
On the grounds that a) it fixes a security bug and b) it doesn't appear to change the ABI, yes, please go for it. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]