Willy, here are the security patches I've recently applied to Debian's 2.6.32 branch, aside from those for CVE-2015-2925 - which we already discussed - and for issues not yet fixed upstream.
These have already been released without reported regressions. The
mapping to CVE IDs is:
* md: use kzalloc() when bitmap is disabled (CVE-2015-5697)
* ipv6: addrconf: validate new MTU before applying it (CVE-2015-0272)
* virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
* USB: whiteheat: fix potential null-deref at probe (CVE-2015-5257)
* ipc/sem.c: fully initialize sem_array before making it visible
(no CVE ID, but similar issue to the following fix)
* Initialize msg/shm IPC objects before doing ipc_addid()
(CVE-2015-7613)
Ben.
--
Ben Hutchings
Anthony's Law of Force: Don't force it, get a larger hammer.
security-2.6.32.mbox
Description: application/mbox
signature.asc
Description: This is a digitally signed message part
