[ddh-sys] apt-listchanges: changelogs for less
root
root op ddh.nl
Wo mei 20 11:42:07 CEST 2009
linux-2.6 (2.6.26-15lenny2) stable-security; urgency=high
* mips: implement is_compat_task macro, fixing FTBFS introduced
by CVE-2009-0835 fix.
-- dann frazier <dannf op debian.org> Mon, 11 May 2009 11:57:56 -0600
linux-2.6 (2.6.26-15lenny1) stable-security; urgency=high
* copy_process: fix CLONE_PARENT && parent_exec_id interaction
(CVE-2009-0028)
* [amd64] syscall-audit: fix 32/64 syscall hole (CVE-2009-0834)
* seccomp: fix 32/64 syscall hole (CVE-2009-0835)
* shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM (CVE-2009-0859)
This issue does not effect pre-build Debian kernels.
* Fix an off-by-two memory error in console selection (CVE-2009-1046)
* nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
* af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
* KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
* exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
* Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
* cifs: Fix memory overwrite when saving nativeFileSystem field during mount
(CVE-2009-1439)
* agp: zero pages before sending to userspace (CVE-2009-1192)
* Fix unreached code in selinux_ip_postroute_iptables_compat()
(CVE-2009-1184)
-- dann frazier <dannf op debian.org> Mon, 04 May 2009 16:10:11 -0600
linux-2.6 (2.6.26-15) stable; urgency=high
* Switch out mips/llseek regression fix for the less invasive one
that is more likely to be accepted upstream.
-- dann frazier <dannf op debian.org> Wed, 25 Mar 2009 16:48:44 -0600
linux-2.6 (2.6.26-14) stable; urgency=high
[ Moritz Muehlenhoff ]
* Add support for Acer Aspire One with ALC269 codec chip. (Closes: #505250)
* Allow authenticated deep NFS mounts, a regression from etch
(Closes: #512031)
* ALSA HDA hardware support (closes: #514567)
- Backport ALSA driver quirks for various HP notebooks
- Add appletv support
- Fix SPDIF output on AD1989B
- Add ALC887 support
- Add support for Dell Studio 15
- Add support for MEDION MD96630
- Support Asus P5Q Premium/Pro boards
- Add support for ECS/PC Chips boards with Sigmatel codecs
- Add support for Toshiba L305
* Add USB mass storage quirk for "Kyocera / Contax SL300R T*" digital
cameras. (Closes: #518899)
* ALSA: Fix OOPS with MIDI in caiaq driver. (Closes: #518900)
* Add USB mass storage quirks (Closes: #520561)
- Nikon D300 and Nikon D2H cameras
- Mio C520-GPS units and Mio Moov 330 GPS
- Nokia phones: 7610, Supernova, 3500c, 3109c, 5300 and 5310
- Nokia 6233 (Closes: #493415)
* [cifs] Fix oops when mounting servers that don't specify their OS
(Closes: #463402)
* Remove invalid truesize detection (Closes: #509716)
[ dann frazier ]
* Fix softlockups in sungem driver (Closes: #514624)
* intel-agp: Add support for G41 chipset (Closes: #513228)
* [openvz] 777e816 Fix wrong size of ub0_percpu.
(Closes: #500876, #503097, #514149)
* [openvz] b5e1f74 Fix oops in netlink conntrack module when loaded after
a ve start (Closes: #511165)
* [openvz] 6d18ba3 CPT: revert check on sk_reuse>1 (Closes: #500645)
* Fixes for CVE-2009-0029 broke uml compilation; fix.
* [openvz] 20bd907 simfs: fix oops if filesystem passes NULL mnt arg to
getattr. (Closes: #508773)
* Add -fwrapv to CFLAGS to prevent gcc from optimizing out certain
wrap tests. (Closes: #520548)
* Bump ABI to 2.
* [parisc] Fix the loading of large kernel modules (Closes: #401439)
* Make the max number of lockd connections configurable and increase
the default from 80 to the more reasonable 1024 (Closes: #520379)
* [x86, vmi] Fix missing paravirt_release_pmd in pgd_dtor (Closes: #520677)
* [mips64] Fix sign extend issue in llseek syscall (Closes: #521016)
[ Martin Michlmayr ]
* rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
* sata_mv: Fix 8-port timeouts on 508x/6081 chips (Closes: #514155)
* sata_mv: Properly initialize main irq mask.
* IP32: Add platform device for CMOS RTC; remove dead code.
* [mips/r5k-ip32] Build in RTC_DRV_CMOS. (Closes: #516775)
* [arm, armel] Enable USB_HIDDEV. (Closes: #517771)
* [arm, armel] Enable various V4L USB devices. (Closes: #518582)
* [arm/iop32x, arm/ixp4xx, arm/orion5x] Enable INPUT_JOYDEV, GAMEPORT
and INPUT_JOYSTICK (Closes: #520433).
[ Bastian Blank ]
* [sparc] Revert: Reintroduce dummy PCI host controller to workaround broken
X.org. Not supportable and breaks to many things.
* [amd64] Fix errno on nonexistant syscalls. (closes: #518921)
[ Ian Campbell ]
* [nfs] Backport upstream patches to fix NFS "task blocked for more than 120
seconds" issue (Closes: #518431)
[ Aurelien Jarno ]
* [mips/mipsel] Fix errno on inexistent syscalls. (Closes: #520034).
[ maximilian attems ]
* [openvz] 849af42 [UB]: Double free for UDP socket.
* [openvz] 7ebcbe3 autofs: fix default pgrp vnr.
* [openvz] 17b09e1 conntrack: prevent double allocate/free of protos.
(closes: #494445)
* [openvz] 7d3f10f conntrack: prevent call register_pernet_subsys() from VE
context.
* [openvz] 482dd20 conntrack: prevent call nf_register_hooks() from VE
context.
* [openvz] ff3483a Fix erratum that causes memory corruption.
* [openvz] 5fff3eb conntrack: adjust context during freeing.
* [openvz] 3cb8bc3 netfilter: NAT: assign nf_nat_seq_adjust_hook from VE0
context only.
* [openvz] 4909102 netfilter: call nf_register_hooks from VE0 context only.
* [openvz] ce67d5b iptables: setup init iptables mask before net
initialization.
* [openvz] 134416f Correct per-process capabilities bounding set in CT.
* [openvz] 029cecb cpt: Make the proper check for sigmask.
* [openvz] 86d7416 ms: fix inotify umount.
* [openvz] c5c1032 Don't dereference NULL tsk->mm in ve_move_task.
* [openvz] 5c591ae bridge: don't leak master device on brctl addif.
* [openvz] c578262 net: NETIF_F_VIRTUAL intersects with NETIF_F_LRO.
* [openvz] 8aa7044 Fix broken permissions for Unix98 pty.
* [openvz] 09686c1 Free skb->nf_bridge in veth_xmit() and venet_xmit().
* [openvz] 397500c autofs4: fix ia32 compat mode.
* [openvz] 0328e3d pidns: update leader_pid at pidns attach.
* [openvz] 66ec7f7 nfs: fix nfs clinet in VE (finally).
* [openvz] 4fc3a18 cpt: bump image version to VERSION_26.
* [openvz] 2a08380 nfs: add missed ve_nfs.h file.
* [openvz] 4c9010e autofs4: pidns friendly oz_mode.
* [openvz] 2c1b2f7 conntrack: Allocate/free ve_nf_conntrack_l3proto_ipv6.
* [openvz] e29a555 ct: Move _nf_conntrack_l3proto_ipv6 to net namespace.
* [openvz] 4355344 conntrack: fix oops in nf_ct_frag6_gather.
* [openvz] bd5e806 Add "VE features" for sit and ipip devices.
* [openvz] 9baf6095 Simplify call __dev_change_net_namespace() by remove
parameters.
* [openvz] 35f41f11 Adjust VE before call
netdev_unregister_kobject/netdev_register_kobject.
* [openvz] 83ea78e netns: fix net_generic array leak.
* [openvz] ce67d5b iptables: setup init iptables mask before net
initialization.
* [openvz] fffc6ff net: set ve context when init/exit method is called.
(closes: #517892, #520740)
* [openvz] 6b9fe02 vzwdog: walk through the block devices list properly.
* [openvz] 6b9fe02 netns: enable cross-ve Unix sockets.
* [openvz] 1acba85 netfilter: Fix NULL dereference in nf_nat_setup_info.
* [openvz] b405aed netfilter: Add check to the nat hooks.
* [openvz] b8b70c7 nfs: Fix access to freed memory.
* [openvz] 840ea01 NFS: NFS super blocks in different VEs should be
different.
* [openvz] 14131d2 ve: sanitize capability checks for namespaces creation.
* [openvz] 39bb1ee nfs: Fix nfs_match_client(). (closes: #501985)
* [openvz] 32e9103 Add do_ve_enter_hook.
* [openvz] d4988b6 Add kthread_create_ve() and kthread_run_ve() functions.
* [openvz] ba0ce90 nfs: use kthread_run_ve to start lockd. (closes: #505174)
* [openvz] 672ab37 pidns: lost task debug print uses wrong prototype.
* [openvz] d876c93 pidns: zap ve process only when killing ve's init pid-ns.
* [openvz] 9abe1a6 bc: fix permissions on /proc/bc.
* [openvz] Reenable NF_CONNTRACK_IPV6.
-- dann frazier <dannf op debian.org> Sun, 22 Mar 2009 14:09:23 -0600
ntp (1:4.2.4p4+dfsg-8lenny2) stable-security; urgency=high
* Fixed stack buffer overflow in ntpd (CVE-2009-1252)
-- Peter Eisentraut <petere op debian.org> Sun, 10 May 2009 20:09:47 +0300
ntp (1:4.2.4p4+dfsg-8lenny1) stable-security; urgency=high
* Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)
-- Peter Eisentraut <petere op debian.org> Sat, 25 Apr 2009 00:38:54 +0300
More information about the ddh-sys
mailing list