In order to hopefully help kickstart the security update process, I've
drafted some DSA text for our sarge/2.6.8 kernels (attached). Thanks to
Micah, we have CAN IDs assigned for a number of things we just had
marked as security. I tried to map all of the patches to CANs, but
these are the ones r
Package: kernel-source-2.4.27
Version: 2.4.27-11
Severity: important
Tags: patch security
It appears that 2.4.27 is vulnerable to CAN-2005-3105,
which has long been fixed in Debian's 2.6
Dann, can you take a look into this?
CAN stuff is below for reference, though the patch came from
you in the
On Thu, Oct 06, 2005 at 10:27:24PM -0500, root wrote:
> Package: kernel-image-2.6.8-2-686
> Version: 2.6.8-16
> Severity: important
>
>
> Classified 'important' as the 2.6 kernel package will not work with
> console=/dev/ttyS0,19200n8.
>
> Verified to be a kernel issue by using the 2.4.27-2 pack
I have been looking over CAN-2005-3109, better known as
the hfs, hfsplus leak and oops, and I am wondering if the
problem is present in 2.4
I took a look at making a backport, and it seems that
some of the problems are there, but without a deeper inspection
of the code it's difficult to tell if th
Package: kernel-image-2.6.8-2-686
Version: 2.6.8-16
Severity: important
Classified 'important' as the 2.6 kernel package will not work with
console=/dev/ttyS0,19200n8.
Verified to be a kernel issue by using the 2.4.27-2 package with
identical configuration.
System runs on a PIIX4 chipset, with
Processing commands for [EMAIL PROTECTED]:
> # I decided to remove the d-i tag from all packages maintained by the
> # d-i team, so the list of d-i tagged bugs reduces to bugs that affect
> # d-i but are not in d-i itself
> tag 328992 - d-i
Bug#328992: partconf: [s/390] No longer recognizes dasd p
kernel-image-2.6-386_2.6.13-1_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-386_2.6.13-1_i386.deb
kernel-image-2.6-686-smp_2.6.13-1_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-686-smp_2.6.13-1_i386.deb
kernel-image-2.6-686_2.6.13-1_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.
linux-2.6_2.6.13-1_i386.changes uploaded successfully to localhost
along with the files:
linux-2.6_2.6.13-1.dsc
linux-2.6_2.6.13.orig.tar.gz
linux-2.6_2.6.13-1.diff.gz
linux-doc-2.6.13_2.6.13-1_all.deb
linux-manual-2.6.13_2.6.13-1_all.deb
linux-patch-debian-2.6.13_2.6.13-1_all.deb
lin
On Thu, Oct 06, 2005 at 07:37:36PM -0600, dann frazier wrote:
> Unified Repository for Proposed Kernel Security Updates
> ---
> I've created a unified archive for our proposed security updates for
> sarge. Hopefully this will make it easier for u
On Thu, Oct 06, 2005 at 07:58:10PM +0200, Sven Luther wrote:
> On Thu, Oct 06, 2005 at 07:31:18PM +0200, Maximilian Attems wrote:
> > On Thu, Oct 06, 2005 at 06:58:55PM +0200, Sven Luther wrote:
> >
> > > Do you have a link to it ? And does it support using yaird as alternative
> > > ? Or
> > >
Unified Repository for Proposed Kernel Security Updates
---
I've created a unified archive for our proposed security updates for
sarge. Hopefully this will make it easier for users to test/use these
builds, as well as provide a single location fo
On Thu, 2005-10-06 at 17:26 -0400, Larry Lindsey wrote:
> I've produced a patch against the Debian 2.4.27 sources, which adds
> ata_piix support (ICH6, ICH7). A lot of Dell machines use this
> chipset. It's pretty klugey, but I hope it's useful.
>
> http://www.math.gatech.edu/~lindsey/libata-piix-
I've produced a patch against the Debian 2.4.27 sources, which adds
ata_piix support (ICH6, ICH7). A lot of Dell machines use this
chipset. It's pretty klugey, but I hope it's useful.
http://www.math.gatech.edu/~lindsey/libata-piix-2.4.27.patch.tar.bz2
http://www.math.gatech.edu/~lindsey/libata-pi
On Thu, Oct 06, 2005 at 08:24:49PM +0200, Jonas Smedegaard wrote:
> Maximilian Attems <[EMAIL PROTECTED]> wrote:
> > also it would be _very_ cool to do the switch after a major upload.
> > just the switch to the newer tools and nothing else.
> > ubuntu has been bitten by this transition.
> > the u
I did a quick test with the real Debian kernel from unstable and it
doesn't crash. Seems that pre-emption has something to do with my issue.
Looks like building from source has some other defaults than the Debian
kernel. I now know to explicitly load the config file before
compiling... Thanks.
On Thu, Oct 06, 2005 at 08:24:49PM +0200, Jonas Smedegaard wrote:
> > > I guess we could add a version specific check into the
> > > postinst to default to using yaird or mkinitramfs , if installed,
> > > in preference to mkinitrd, though I am usually hesitant to add in
> > > version depe
On Thu, 6 Oct 2005 17:44:02 +0200
Maximilian Attems <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 06, 2005 at 09:29:06AM -0500, Manoj Srivastava wrote:
>
[snip snip]
> > mkinitramfs fails if the kernel
> >
On Thu, 6 Oct 2005 17:57:08 +0200
Sven Luther <[EMAIL PROTECTED]> wrote:
> mkyaird (or whatever it is called)
mkinitrd.yaird is the name of the yaird wrapper with mkinitrd options.
- Jonas
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
On Thu, Oct 06, 2005 at 07:31:18PM +0200, Maximilian Attems wrote:
> On Thu, Oct 06, 2005 at 06:58:55PM +0200, Sven Luther wrote:
>
> > Do you have a link to it ? And does it support using yaird as alternative ?
> > Or
> > running initrd 2.4 or pre-2.6.12 kernels ?
>
> it's supporting initrd-to
On Thu, Oct 06, 2005 at 06:58:55PM +0200, Sven Luther wrote:
> Do you have a link to it ? And does it support using yaird as alternative ? Or
> running initrd 2.4 or pre-2.6.12 kernels ?
it's supporting initrd-tools on hppa and ia64 afaik.
> The above proposal works with kernel-package just fi
On Thu, Oct 06, 2005 at 11:57:16AM -0500, Manoj Srivastava wrote:
> On Thu, 6 Oct 2005 18:07:24 +0200, Sven Luther <[EMAIL PROTECTED]> said:
>
> >> So, if there is an explicit value, use that, or else fall back
> >> through any of mkinitrd, mkinitramfs, or yaird, which happen to be
> >> installed
On Thu, Oct 06, 2005 at 06:43:54PM +0200, Maximilian Attems wrote:
> On Thu, Oct 06, 2005 at 05:57:08PM +0200, Sven Luther wrote:
> > On Thu, Oct 06, 2005 at 09:29:06AM -0500, Manoj Srivastava wrote:
> > > On Mon, 3 Oct 2005 13:03:45 +0200, Maximilian Attems
> > > <[EMAIL PROTECTED]> said:
> > >
On Thu, 6 Oct 2005 18:07:24 +0200, Sven Luther <[EMAIL PROTECTED]> said:
>> So, if there is an explicit value, use that, or else fall back
>> through any of mkinitrd, mkinitramfs, or yaird, which happen to be
>> installed.
> What about delegating the initrd creation to the
> /etc/kernel/postinst
On Thu, Oct 06, 2005 at 05:57:08PM +0200, Sven Luther wrote:
> On Thu, Oct 06, 2005 at 09:29:06AM -0500, Manoj Srivastava wrote:
> > On Mon, 3 Oct 2005 13:03:45 +0200, Maximilian Attems
> > <[EMAIL PROTECTED]> said:
> >
> > > naa initramfs-tools are in the archive and working for all arch but
> >
Horms wrote:
> > > It also seems to me that none of the patches in 2.6.13.3 are security
> > > related, I'd appreciate someone casting an eye over that.
> >
> > It's not obvious from the code, but the description for
> >
> > | Stephen Hemminger:
> > | skge: set mac address oops with bonding
> >
On Thu, Oct 06, 2005 at 03:16:26PM +0200, Moritz Muehlenhoff wrote:
> Hi,
> as usual; to minimize the overhead I'm sending these again by email and not
> through the BTS.
thanks, I've put that in my new holding pen,
kernel/people/horms/patch_note on svn.debian.org as
newcve-2005-10-06
I'm not sur
On Thu, Oct 06, 2005 at 03:39:22PM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> > The next things I will be looking at are:
> > Checking off CAN Numbers
> >
> > I have put my notes in SVN - there is nothing private there.
> > These include notes on each of 2.6.13.{123} and a list
> > of rec
On Thu, Oct 06, 2005 at 02:20:53PM +0200, Jonas Smedegaard wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thu, 6 Oct 2005 12:30:28 +0100
> Colin Watson <[EMAIL PROTECTED]> wrote:
>
> > On Thu, Oct 06, 2005 at 01:09:59PM +0200, Sven Luther wrote:
> > > On Thu, Oct 06, 2005 at 06:4
On Thu, Oct 06, 2005 at 09:21:11AM -0500, Manoj Srivastava wrote:
> On Wed, 5 Oct 2005 18:25:40 +0200, Sven Luther <[EMAIL PROTECTED]> said:
>
> > On Wed, Oct 05, 2005 at 12:12:10PM -0400, Joey Hess wrote:
> >> d-i contains code to install and set up initrd-tools. The
> >> likelihood of yaird or
On Thu, Oct 06, 2005 at 09:29:06AM -0500, Manoj Srivastava wrote:
> Err. putting
> ramdisk = /usr/sbin/mkinitramfs
> in /etc/kernel-img.conf does seem to work.
indeed, thanks for pointing that out.
> Or are you talking about
> using mkinitramfs by default? mkinitramfs fails if the
On Thu, Oct 06, 2005 at 09:29:06AM -0500, Manoj Srivastava wrote:
> On Mon, 3 Oct 2005 13:03:45 +0200, Maximilian Attems
> <[EMAIL PROTECTED]> said:
>
> > naa initramfs-tools are in the archive and working for all arch but
> > sparc (klibc ftbfs there with gcc3.4/4.0).
>
> > the kernel-package d
These are the CVE assignments I requested from Mitre for the security
patches that have been already applied to the 2.6.8sarge1 update.
I will work with horms to get these added to the changelog entries
next to the patches which address the problems.
On Mon, 3 Oct 2005 13:03:45 +0200, Maximilian Attems
<[EMAIL PROTECTED]> said:
> naa initramfs-tools are in the archive and working for all arch but
> sparc (klibc ftbfs there with gcc3.4/4.0).
> the kernel-package does not yet use the initramfs-tools. you need to
> invoke update-initramfs like
On Wed, 5 Oct 2005 18:25:40 +0200, Sven Luther <[EMAIL PROTECTED]> said:
> On Wed, Oct 05, 2005 at 12:12:10PM -0400, Joey Hess wrote:
>> d-i contains code to install and set up initrd-tools. The
>> likelihood of yaird or initramfs-tools working everywhere with no
>> d-i changes is zero.
> Ah, ..
Horms wrote:
On Fri, Aug 19, 2005 at 08:46:29AM -0500, Chris Leigh wrote:
I have tried the patched kernel, and although it was able to compile,
it did not work correctly.
Sorry, it seems that I missed part of the patch, could
you please try the revised version that is
Horms wrote:
> The next things I will be looking at are:
> Checking off CAN Numbers
>
> I have put my notes in SVN - there is nothing private there.
> These include notes on each of 2.6.13.{123} and a list
> of recently released CAN numbers. I think some of the
> CAN numbers correlate to 2.6.13
Hi,
as usual; to minimize the overhead I'm sending these again by email and not
through the BTS.
CAN-2005-3110:
DoS on SMP, potentially 2.4 and 2.6
http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
CAN-2005-3109:
Local DoS through oops by mounting a non-HFS+ filesystem
Hello,
I'm trying to synchronize with my iPaq (rx3715) and get the following error (in
dmesg):
usb 1-1: new full speed USB device using ohci_hcd and address 9
ipaq 1-1:2.0: PocketPC PDA converter detected
drivers/usb/serial/ipaq.c: active config #2 != 1 ??
ipaq: probe of 1-1:2.0 failed with erro
On Thu, 6 Oct 2005 12:30:28 +0100
Colin Watson <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 06, 2005 at 01:09:59PM +0200, Sven Luther wrote:
> > On Thu, Oct 06, 2005 at 06:45:13PM +0900, Horms wrote:
> > > I am, right at this moment, building 2.6.13-1.exp
On Thu, Oct 06, 2005 at 01:09:59PM +0200, Sven Luther wrote:
> On Thu, Oct 06, 2005 at 06:45:13PM +0900, Horms wrote:
> > I am, right at this moment, building 2.6.13-1.experimental.1, and
>
> This should be 2.6.13-0.experimental.1, which would be lower than 2.6.13-1
> which we would upload to unst
On Thu, Oct 06, 2005 at 06:45:13PM +0900, Horms wrote:
> I am, right at this moment, building 2.6.13-1.experimental.1, and
This should be 2.6.13-0.experimental.1, which would be lower than 2.6.13-1
which we would upload to unstable. Don't forget to make sure you include the
.orig tarball though, a
On Thu, Oct 06, 2005 at 12:00:12PM +0200, Norbert Tretkowski wrote:
> * Horms wrote:
> > I am, right at this moment, building 2.6.13-1.experimental.1, and
> > assuming the i386 build completes I will upload. I already know it
> > doesn't compile on HPPA, and I expect other FTBFS.
>
> It will fail
Hi,
I have now gone through all of 2.6.13.{123} for 2.6.8 sarge
and sarge-security. And these changes are all in SVN.
2.6.13.{123} are in trunk/ (2.6.13)
2.6.13.{12} are in sid/ (2.6.12)
I will add 2.6.13.3 if it looks like 2.6.12-11 is going to happen.
The next things I will be looking at are
* Horms wrote:
> I am, right at this moment, building 2.6.13-1.experimental.1, and
> assuming the i386 build completes I will upload. I already know it
> doesn't compile on HPPA, and I expect other FTBFS.
It will fail on alpha too, I hope I'll find time next weekend to
update the configs.
Norbert
On Thu, Oct 06, 2005 at 10:10:34AM +0200, Ludovic Drolez wrote:
> On Thu, Oct 06, 2005 at 10:39:50AM +0900, Horms wrote:
> > I have talked with upstream, and Juergen Kreidleder who originally
> > discovered this bug about this problem. Unfortunately there is no patch
> > that fixes this problem tha
On Thu, Oct 06, 2005 at 11:15:04AM +0200, Jonas Smedegaard wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thu, 6 Oct 2005 10:13:05 +0200
> Sven Luther <[EMAIL PROTECTED]> wrote:
>
> > On Wed, Oct 05, 2005 at 08:19:14PM +0200, Jonas Smedegaard wrote:
> > > -BEGIN PGP SIGNED ME
On Thu, 6 Oct 2005 10:13:05 +0200
Sven Luther <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 05, 2005 at 08:19:14PM +0200, Jonas Smedegaard wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > > > If not, why?
> > >
> > > I guess generic miscomprehension, or
On Wed, 05 Oct 2005 16:49:54 -0600
dann frazier <[EMAIL PROTECTED]> wrote:
> On Thu, 2005-10-06 at 00:22 +0200, Marco Amadori wrote:
> > On Wednesday 5 October 2005 at 23:13, dann frazier wrote:
> >
> > > And also, what will be the best way to m
On Wed, Oct 05, 2005 at 08:19:14PM +0200, Jonas Smedegaard wrote:
> -BEGIN PGP SIGNED MESSAGE-
> > > If not, why?
> >
> > I guess generic miscomprehension, or whatever. The fact that ubuntu
> > uses initramfs-tools for example, and so on.
>
> I would guess similarly. My interest was (and
On Thu, Oct 06, 2005 at 10:39:50AM +0900, Horms wrote:
> I have talked with upstream, and Juergen Kreidleder who originally
> discovered this bug about this problem. Unfortunately there is no patch
> that fixes this problem that upstream is comfortable, so I would rather
But replacing jiffies with
53 matches