lp://staging/ubuntu/karmic-security/linux-ec2
- Get this branch:
- bzr branch lp://staging/ubuntu/karmic-security/linux-ec2
Branch merges
Related source package recipes
Branch information
Recent revisions
- 16. By Brad Figg
-
[ Brad Figg ]
* Release Tracking Bug
- LP: #737761[ Brad Figg ]
* Rebased to 2.6.31-23.75
[ Ubuntu: 2.6.31-23.75 ]
* Release Tracking Bug
- LP: #737663
* do_exit(): make sure that we run with get_fs() == USER_DS,
CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* xfs: always use iget in bulkstat
- LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* Revised [CVE-2010-4345 Karmic] install_special_ mapping skips
security_file_mmap check. CVE-2010-4346
- LP: #731971
- CVE-2010-4346
* econet: Fix crash in aun_incoming(). CVE-2010-4342
- LP: #736394
- CVE-2010-4342 - 15. By Steve Conklin
-
[ Steve Conklin ]
* Release Tracking Bug
- LP: #726786
* Rebased to 2.6.31-23.74[ Ubuntu: 2.6.31-23.74 ]
* Release Tracking Bug
- LP: #725232
* bluetooth: Fix missing NULL check, CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* bio: take care not overflow page count when mapping/copying user data,
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* block: check for proper length of iov entries in blk_rq_map_user_ iov(),
CVE-2010-4163
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_rq_map_user_ iov(), CVE-2010-4163
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175 - 14. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to 2.6.31-22.73
[ Ubuntu: 2.6.31-22.73 ]
* Release Tracking Bug
- LP: #716648
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* can-bcm: fix minor heap overflow
- LP: #710680
- CVE-2010-3874
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
CVE-2010-0435
- LP: #712615
- CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
- LP: #711797
- CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
CVE-2010-4080, CVE-2010-4081
- LP: #712723, #712737
- CVE-2010-4081
* drivers/video/via/ ioctl.c: prevent reading uninitialized stack memory,
CVE-2010-4082
- LP: #712744
- CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880 - 13. By Brad Figg
-
[ Brad Figg ]
- LP: #698298
[ Brad Figg ]
* Rebased to 2.6.31-22.71
[ Ubuntu: 2.6.31-22.71 ]
* ipc: initialize structure memory to zero for compat functions
* tcp: Increase TCP_MAXSEG socket option minimum.
- CVE-2010-4165
* perf_events: Fix perf_counter_mmap() hook in mprotect()
- CVE-2010-4169
* af_unix: limit unix_tot_inflight
- CVE-2010-4249 - 12. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to 2.6.31-22.70
[ Upstream Kernel Changes ]
* xen, compat: Test %rax for the syscall number, not %eax
- CVE-2010-3301
* xen, compat: Retruncate rax after ia32 syscall entry tracing
- CVE-2010-3301[ Ubuntu: 2.6.31-22.70 ]
* Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
dereference"
* Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
* Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
- CVE-2010-2538
* xfs: validate untrusted inode numbers during lookup
- CVE-2010-2943
* xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
- CVE-2010-2943
* xfs: remove block number from inode lookup code
- CVE-2010-2943
* xfs: fix untrusted inode number lookup
- CVE-2010-2943
* drm/i915: Sanity check pread/pwrite
- CVE-2010-2962
* drm/i915: Rephrase pwrite bounds checking to avoid any potential
overflow
- CVE-2010-2962
* tracing: Do not allow llseek to set_ftrace_filter
- CVE-2010-3079
* drivers/net/cxgb3/ cxgb3_main. c: prevent reading uninitialized stack
memory
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory
- CVE-2010-3297
* drivers/net/usb/ hso.c: prevent reading uninitialized memory
- CVE-2010-3298
* setup_arg_pages: diagnose excessive argument size
- CVE-2010-3858
* net: clear heap allocation for ETHTOOL_GRXCLSRLALL
- CVE-2010-3861
* ipc: shm: fix information leak to userland
- CVE-2010-4072
* econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
- CVE-2010-3849
* econet: fix CVE-2010-3850
- CVE-2010-3850
* econet: fix CVE-2010-3848
- CVE-2010-3848 - 11. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to 2.6.31-22.66
[ Ubuntu: 2.6.31-22.66 ]
* SAUCE: (no-up) Modularize vesafb -- fix initialization
- LP: #611471
* SAUCE: sched: update load count only once per cpu in 10 tick update
window
- LP: #513848
* (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
- LP: #531309
* PCI: Ensure we re-enable devices on resume
- LP: #566149[ Ubuntu: 2.6.31-22.65 ]
* x86-64, compat: Test %rax for the syscall number, not %eax
- CVE-2010-3301
* x86-64, compat: Retruncate rax after ia32 syscall entry tracing
- CVE-2010-3301
* compat: Make compat_alloc_user_ space() incorporate the access_ok()
- CVE-2010-3081 - 10. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to 2.6.31-22.64
[ Ubuntu: 2.6.31-22.64 ]
* SAUCE: (no-up) Modularize vesafb -- fix initialization
- LP: #611471
* SAUCE: sched: update load count only once per cpu in 10 tick update
window
- LP: #513848
* (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
- LP: #531309
* PCI: Ensure we re-enable devices on resume
- LP: #566149 - 9. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to 2.6.31-21.59
[ Ubuntu: 2.6.31-21.59 ]
* [Config] generic-pae switch to M586TSC
- LP: #519448
* (pre-stable) drm/i915: Increase fb alignment to 64k
- LP: #404064
* Input: i8042 - bypass AUX IRQ delivery test on laptops
- LP: #534448
* SAUCE: Fix volume hotkeys for Dell Studio 1557
- LP: #465250
* SAUCE: aufs: Fix header files inclusion in debug.h
- LP: #517151
* [Config] Enable all CGROUP configuration options
- LP: #480739
* Revert "[Upstream] acerhdf: Limit modalias matching to supported
boards"
- LP: #509730
* [Config] ext3 defaults to ordered mode
- LP: #510067
* [Config] Fix sub-flavours package conflicts
- LP: #454827
* PCI/cardbus: Add a fixup hook and fix powerpc
- LP: #455723
* fnctl: f_modown should call write_lock_irqsave/ restore
- LP: #519436
* ACPI: enable C2 and Turbo-mode on Nehalem notebooks on A/C
- LP: #516325
* tg3: Add 57788, remove 57720
- LP: #515390
* HID: ignore all recent SoundGraph iMON devices
- LP: #488443
* Input: ALPS - add interleaved protocol support (Dell E6x00 series)
- LP: #296610
* acerhdf: limit modalias matching to supported
- LP: #509730
* ASoC: Do not write to invalid registers on the wm9712.
- LP: #509730
* cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS
referrals
- LP: #509730
* clockevents: Prevent clockevent_devices list corruption on cpu hotplug
- LP: #509730
* dma: at_hdmac: correct incompatible type for argument 1 of
'spin_lock_bh'
- LP: #509730
* drivers/net/usb: Correct code taking the size of a pointer
- LP: #509730
* Libertas: fix buffer overflow in lbs_get_essid()
- LP: #509730
* md: Fix unfortunate interaction with evms
- LP: #509730
* pata_cmd64x: fix overclocking of UDMA0-2 modes
- LP: #509730
* pata_hpt3x2n: fix clock turnaround
- LP: #509730
* SCSI: fc class: fix fc_transport_init error handling
- LP: #509730
* sound: sgio2audio/pdaudiocf/ usb-audio: initialize PCM buffer
- LP: #509730
* USB: emi62: fix crash when trying to load EMI 6|2 firmware
- LP: #509730
* USB: Fix a bug on appledisplay.c regarding signedness
- LP: #509730
* USB: musb: gadget_ep0: avoid SetupEnd interrupt
- LP: #509730
* USB: option: support hi speed for modem Haier CE100
- LP: #490068, #509730
* x86, cpuid: Add "volatile" to asm in native_cpuid()
- LP: #509730
* e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation
failure
- LP: #509730
* e100: Fix broken cbs accounting due to missing memset.
- LP: #509730
* hostap: Revert a toxic part of the conversion to net_device_ops
- LP: #509730
* hwmon: (fschmd) Fix check on unsigned in watchdog_write()
- LP: #509730
* hwmon: (sht15) Off-by-one error in array index + incorrect constants
- LP: #509730
* i2c/tsl2550: Fix lux value in extended mode
- LP: #509730
* ipv6: reassembly: use seperate reassembly queues for conntrack and
local delivery
- LP: #509730
* S390: dasd: support DIAG access for read-only devices
- LP: #509730
* udf: Try harder when looking for VAT inode
- LP: #509730
* V4L/DVB (13596): ov511.c typo: lock => unlock
- LP: #509730
* x86/ptrace: make genregs[32]_get/set more robust
- LP: #509730
* XFS bug in log recover with quota (bugzilla id 855)
- LP: #509730
* generic_permission: MAY_OPEN is not write access
- LP: #509730
* memcg: avoid oom-killing innocent task in case of use_hierarchy
- LP: #509730
* Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P
- LP: #253874, #509730
* Add unlocked version of inode_add_bytes() function
- LP: #509730
* ext4: fix sleep inside spinlock issue with quota and dealloc (#14739)
- LP: #509730
* Linux 2.6.31.10
- LP: #509730
* Linux 2.6.31.11
- LP: #509730
* quota: decouple fs reserved space from quota reservation
- LP: #510674
* ext4: Convert to generic reserved quota's space management.
- LP: #510674
* hwmon: (adt7462) Fix pin 28 monitoring
- LP: #510674
* netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq()
- LP: #510674
* quota: Fix dquot_transfer for filesystems different from ext4
- LP: #510674
* fix braindamage in audit_tree.c untag_chunk()
- LP: #510674
* fix more leaks in audit_tree.c tag_chunk()
- LP: #510674
* ACPI: sleep: another HP DMI entry for init_set_sci_en_ on_resume
- LP: #453963, #510674
* ACPI: add DMI entry for SCI_EN resume quirk on HP dv4
- LP: #453963, #510674
* ACPI: sleep: another HP/Compaq DMI entries for
init_set_sci_ en_on_resume
- LP: #453963, #510674
* ACPI: DMI init_set_sci_en_ on_resume for HP-Compaq C700
- LP: #453963, #510674
* Linux 2.6.31.12
- LP: #510674 - 7. By Leann Ogasawara
-
[ Leann Ogasawara ]
* Rebase to 2.6.31-19.56
* XEN: untangle the do_mremap() mess[ Ubuntu: 2.6.31-19.56 ]
* [Upstream] e1000: enhance frame fragment detection
- CVE-2009-4536
* [Upstream] e1000e: enhance frame fragment detection
- CVE-2009-4538
* hfs: fix a potential buffer overflow
- CVE-2009-4020
* KVM: x86 emulator: limit instructions to 15 bytes
- CVE-2009-4031
* ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
- CVE-2009-4308
* firewire: ohci: handle receive packets with a data length of zero
- CVE-2009-4138
* fasync: split 'fasync_helper()' into separate add/remove functions
- CVE-2009-4141
* ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().
- CVE-2010-0006
* kernel/signal.c: fix kernel information leak with print-fatal-signals= 1
- CVE-2010-0003
* netfilter: ebtables: enforce CAP_NET_ADMIN
- CVE-2010-0007
* untangle the do_mremap() mess
- CVE-2010-0291
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/lucid/linux-ec2
