FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

LinkBack Thread Tools
Old 05-07-2008, 10:39 PM
Kees Cook
Default security update time

It's that time again... I've cherry picked and backported various CVE
and related bug fixes into the ubuntu-security/* git trees. Bad news:
excepting Hardy, the dnotify patch[1] appears to be an ABI bump. Debian
avoided[1] it using methods I don't understand. However, since I also
have another minor update that is deferred waiting for an ABI bump
(CVE-2007-4571), maybe it's time to do the ABI bump. If there isn't a
way to sanely avoid the dnotify ABI bump, let me know, and I'll add the
patches for CVE-2007-4571. Currently:

dapper feisty gutsy hardy
CVE-2007-4571: deferred deferred N/A N/A
CVE-2007-5904: pending pending pending N/A
CVE-2007-6694: pending pending pending pending
CVE-2008-0007: pending pending pending N/A
CVE-2008-1294: pending pending N/A N/A
CVE-2008-1375: pending pending pending pending
CVE-2008-1669: pending pending pending pending
CVE-2008-1675: N/A N/A N/A pending




[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=214b7049a7929f03bbd2786aaef 04b8b79db34e2
[2] http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/dnotify-race-avoid-abi-change.patch?op=file&rev=0&sc=0

Kees Cook
Ubuntu Security Team

kernel-team mailing list

Thread Tools

All times are GMT. The time now is 12:43 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org