Author: horms Date: Wed Feb 1 03:49:57 2006 New Revision: 5662 Modified: patch-tracking/CVE-2004-0813 Log: I'm pretty sure CVE-2004-0813 is fixed in all our 2.6 kernels. And I'm not convinced it is applicable to our 2.4 kernels
Modified: patch-tracking/CVE-2004-0813 ============================================================================== --- patch-tracking/CVE-2004-0813 (original) +++ patch-tracking/CVE-2004-0813 Wed Feb 1 03:49:57 2006 @@ -11,10 +11,18 @@ dannf> RedHat is still vulnerable, but there has been recent activity: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133098 dannf> I wonder if one of the patches listed for CVE-2004-1190 fixes this? + horms> I'm pretty sure this is fixed by the series of patches for SG_IO + added upstream in 2.6.8 and the immediately following period. + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=300162 + That should clean things up for 2.6. + 2.4 doesn't suffer this problem exactly, unless + the permisions of /dev/sg* are botched. + Alan Cox seems to think that is bad, but I'm not so sure. + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133098 Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: +upstream: fixed (2.6.10) +linux-2.6: N/A +2.6.8-sarge-security: fixed (2.6.8-14) 2.4.27-sarge-security: 2.4.19-woody-security: 2.4.18-woody-security: _______________________________________________ Kernel-svn-changes mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
