It's that time again... I've cherry picked and backported various CVE
and related bug fixes into the ubuntu-security/* git trees. Bad news:
excepting Hardy, the dnotify patch[1] appears to be an ABI bump. Debian
avoided[1] it using methods I don't understand. However, since I also
have another minor update that is deferred waiting for an ABI bump
(CVE-2007-4571), maybe it's time to do the ABI bump. If there isn't a
way to sanely avoid the dnotify ABI bump, let me know, and I'll add the
patches for CVE-2007-4571. Currently:

dapper feisty gutsy hardy
CVE-2007-4571: deferred deferred N/A N/A
CVE-2007-5904: pending pending pending N/A
CVE-2007-6694: pending pending pending pending
CVE-2008-0007: pending pending pending N/A
CVE-2008-1294: pending pending N/A N/A
CVE-2008-1375: pending pending pending pending
CVE-2008-1669: pending pending pending pending
CVE-2008-1675: N/A N/A N/A pending

Trees:
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-dapper.git;a=summary
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-feisty.git;a=summary
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-gutsy.git;a=summary
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-hardy.git;a=summary

Thanks,

-Kees

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=214b7049a7929f03bbd2786aaef 04b8b79db34e2
[2] http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/dnotify-race-avoid-abi-change.patch?op=file&rev=0&sc=0

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team