Uploading linux (3.2.63-1)

2014-09-23 Thread Ben Hutchings
I intend to upload linux version 3.2.63-1 to stable-proposed-updates
later this week.  This will include all the fixes that went into stable
updates 3.2.61-63 inclusive, including fixes for these security issues:

CVE-2014-3181             HID/magicmouse: buffer overflow
CVE-2014-3182             HID/logitech-dj: out-of-bounds read
CVE-2014-3183/3184/3185   USB/serial/whiteheat: multiple buffer overflows
CVE-2014-3186             HID/picolcd: buffer overflow
CVE-2014-3601             kvm: guest-controllable memory leak
CVE-2014-4171             shmem: reader can block hole punch indefinitely
CVE-2014-4608             lzo: integer overflow
CVE-2014-5077             sctp: remote denial of service
CVE-2014-5471/5472        isofs: unbound recursion allowing stack overflow
  
I also cherry-picked fixes for:

CVE-2014-6410             udf: infinite loop when processing indirect ICBs
CVE-2014-6416/6417/6418   libceph: buffer overflow and related bugs

If any of these look serious enough, I could also prepare a security
update.

Ben.

-- 
Ben Hutchings
Everything should be made as simple as possible, but not simpler.
   - Albert Einstein




Re: Uploading linux (3.2.63-1)

2014-09-24 Thread Moritz Mühlenhoff
Ben Hutchings wrote:
> I intend to upload linux version 3.2.63-1 to stable-proposed-updates
> later this week.  This will include all the fixes that went into stable
> updates 3.2.61-63 inclusive, including fixes for these security issues:
>
> CVE-2014-3181             HID/magicmouse: buffer overflow
> CVE-2014-3182             HID/logitech-dj: out-of-bounds read
> CVE-2014-3183/3184/3185   USB/serial/whiteheat: multiple buffer overflows
> CVE-2014-3186             HID/picolcd: buffer overflow
> CVE-2014-3601             kvm: guest-controllable memory leak
> CVE-2014-4171             shmem: reader can block hole punch indefinitely
> CVE-2014-4608             lzo: integer overflow
> CVE-2014-5077             sctp: remote denial of service
> CVE-2014-5471/5472        isofs: unbound recursion allowing stack overflow
>
> I also cherry-picked fixes for:
>
> CVE-2014-6410             udf: infinite loop when processing indirect ICBs
> CVE-2014-6416/6417/6418   libceph: buffer overflow and related bugs
>
> If any of these look serious enough, I could also prepare a security
> update.

As discussed earlier, scheduling these for the next point update is fine.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnm25p7o.33m@inutil.org



Re: Uploading linux (3.2.63-1)

2014-09-28 Thread Adam D. Barratt
On Wed, 2014-09-24 at 03:54 +0100, Ben Hutchings wrote:
> I intend to upload linux version 3.2.63-1 to stable-proposed-updates
> later this week.  This will include all the fixes that went into stable
> updates 3.2.61-63 inclusive, including fixes for these security issues:
[...]

Flagged for acceptance in to p-u; thanks.

Regards,

Adam





Re: Uploading linux (3.2.63-1)

2014-09-29 Thread Adam D. Barratt
On Sun, 2014-09-28 at 18:42 +0100, Adam D. Barratt wrote:
> On Wed, 2014-09-24 at 03:54 +0100, Ben Hutchings wrote:
> > I intend to upload linux version 3.2.63-1 to stable-proposed-updates
> > later this week.  This will include all the fixes that went into stable
> > updates 3.2.61-63 inclusive, including fixes for these security issues:
> [...]
> 
> Flagged for acceptance in to p-u; thanks.

and built everywhere except s390{,x}, where it failed with an ABI
change.

Regards,

Adam





Re: Uploading linux (3.2.63-1)

2014-09-29 Thread Ben Hutchings
On Mon, 2014-09-29 at 19:29 +0100, Adam D. Barratt wrote:
> On Sun, 2014-09-28 at 18:42 +0100, Adam D. Barratt wrote:
> > On Wed, 2014-09-24 at 03:54 +0100, Ben Hutchings wrote:
> > > I intend to upload linux version 3.2.63-1 to stable-proposed-updates
> > > later this week.  This will include all the fixes that went into stable
> > > updates 3.2.61-63 inclusive, including fixes for these security issues:
> > [...]
> > 
> > Flagged for acceptance in to p-u; thanks.
> 
> and built everywhere except s390{,x}, where it failed with an ABI
> change.

We can ignore that change, but I forgot to do that.  (We had the same
build failure in 3.14.10-1.)

Ben.

-- 
Ben Hutchings
Logic doesn't apply to the real world. - Marvin Minsky




Re: Uploading linux (3.2.63-1)

2014-09-29 Thread Adam D. Barratt
On Mon, 2014-09-29 at 23:24 +0100, Ben Hutchings wrote:
> On Mon, 2014-09-29 at 19:29 +0100, Adam D. Barratt wrote:
> > On Sun, 2014-09-28 at 18:42 +0100, Adam D. Barratt wrote:
> > > On Wed, 2014-09-24 at 03:54 +0100, Ben Hutchings wrote:
> > > > I intend to upload linux version 3.2.63-1 to stable-proposed-updates
> > > > later this week.  This will include all the fixes that went into stable
> > > > updates 3.2.61-63 inclusive, including fixes for these security issues:
> > > [...]
> > > 
> > > Flagged for acceptance in to p-u; thanks.
> > 
> > and built everywhere except s390{,x}, where it failed with an ABI
> > change.
> 
> We can ignore that change, but I forgot to do that.  (We had the same
> build failure in 3.14.10-1.)

I've flagged 3.2.63-2, including the fix, for acceptance; thanks for the
quick turn-around.

Regards,

Adam

