On Wed, 25 Sep 2013 17:13:14 +0000 (UTC) [email protected] (Tom Wijsman) wrote:

> This is an automated email announcing the release of
> genpatches-3.10.7-1
>
> PATCHES
> -------
>
> When the website updates, the complete patch list and split-out
> patches will be available here:
> http://dev.gentoo.org/~mpagano/genpatches/patches-3.10.7-1.htm
> http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-3.10.7-1.base.tar.bz2
> http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-3.10.7-1.extras.tar.bz2
> http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-3.10.7-1.experimental.tar.bz2

If you are wondering what this is...

This is a revision bump to =sys-kernel/gentoo-sources-3.10.7, it
backports some stability and security fixes that are a bit more
important than the usual fixes; here is the summary:

Revision 2497: Import 3.10-13 (3.10.7 release) as 3.10.7 branch, to
bring security fixes to stable. (tomwij)

Revision 2498: fs/proc/task_mmu.c: fix buffer overflow in
add_page_map() reported by stintel on IRC, backported from 3.10.8.
(tomwij)
Added: 1500_task-mmu_fix-buffer-overflow-in-add_page_map.patch

Revision 2517: Added CVE-2013-4300 patch to 3.10 and 3.10.7 branches
for security bug #483614. (tomwij)
Added: 1500_CVE-2013-4300-net-Check-the-correct-namespace-when-spoofing-pid-ov.patch

Revision 2527: Added patches for HID security flaws for CVE-2013-2888 -
CVE-2013-2899, see bug #482896 for more information. (tomwij)
Added: 1500_CVE-2013-2888-HID-validate-HID-report-id-size.patch
Added: 1500_CVE-2013-2889-HID-zeroplus-validate-output-report-details.patch
Added: 1500_CVE-2013-2891-HID-steelseries-validate-output-report-details.patch
Added: 1500_CVE-2013-2892-HID-pantherlord-validate-output-report-details.patch
Added: 1500_CVE-2013-2894-HID-lenovo-tpkbd-validate-output-report-details.patch
Added: 1500_CVE-2013-2895-HID-logitech-dj-validate-output-report-details.patch
Added: 1500_CVE-2013-2896-HID-ntrig-validate-feature-report-details.patch
Added: 1500_CVE-2013-2897-HID-multitouch-validate-indexes-details.patch
Added: 1500_CVE-2013-2898-HID-sensor-hub-validate-feature-report-details.patch
Added: 1500_CVE-2013-2899-HID-picolcd_core-validate-output-report-details.patch
Added: 1500_HID-check-for-NULL-field-when-setting-values.patch
Added: 1500_HID-provide-a-helper-for-validating-hid-reports.patch

The commit message used for =sys-kernel/gentoo-sources-3.10.7-r1:

Revision bump for 3.10.7.
Fixed an important buffer overflow in add_page_map() causing kernel
panics, backported from 3.10.8; reported by stintel on IRC.
Fixed PID Spoofing Privilege Escalation, backported from 3.11, see bug
#483614; CVE-2013-4300.
Fixed multiple HID security flaws, backported from GregKH's stable
queue and Linus' master, see bug #482896; from CVE-2013-2888 till
CVE-2013-2899.
Users that had kernel panics due to buffer overflows or need
additional security are suggested to update.

Not sure if anybody needs this information, just added for
completeness.

--
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : [email protected]
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D
