security update of stable kernels
 

Hello!

I need to have builds/tests of security updates for Dapper through Gutsy
for a number of updates.

I've already merged fixes for the following CVEs:
* CVE-2007-3107 - e f -
* CVE-2007-5966 - e f g
* CVE-2007-6063 d e f g
* CVE-2007-6151 d e f g
* CVE-2007-6206 d e f g
* CVE-2007-6417 d e f g
* CVE-2008-0001 d e f g

And incorporated fixes from the NFSv4 regression (bug 164231) needed in
Feisty and Gutsy. They are in the security git trees:
* git://kernel.ubuntu.com/kees/ubuntu-dapper-security.git
* git://kernel.ubuntu.com/kees/ubuntu-edgy-security.git
* git://kernel.ubuntu.com/kees/ubuntu-feisty-security.git
* git://kernel.ubuntu.com/kees/ubuntu-gutsy-security.git

The following CVE needs more attention from the kernel team, as it did
not merge cleanly:
* CVE-2007-5904
It is fixed with upstream commits:
* a761ac579b89bc1f00212a42401398108deba65c
* 133672efbc1085f9af990bdc145e1822ea93bcf3

I would also ask that Dapper's update be regenerated to include all the
outstanding updates in 2.6.15-51.65 (which hasn't been released yet,
pending the 6.06.2 publication, which just happened). When doing the
upload to jackass, all packages tied to the Dapper kernel ABI need to be
version-bumped as well, and uploaded to jackass so that people only
using -updates will have a sane view of what to install.

These updates are rather urgent (due to CVE-2008-0001).

Let me know if I can help further, I want to make sure this gets
published before the Distro Sprint.

Thanks,

-Kees

--
Kees Cook
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team