linux-2.6 (2.6.26-15lenny2) stable-security; urgency=high

  * mips: implement is_compat_task macro, fixing FTBFS introduced
    by CVE-2009-0835 fix.

 -- dann frazier <dannf op debian.org>  Mon, 11 May 2009 11:57:56 -0600

linux-2.6 (2.6.26-15lenny1) stable-security; urgency=high

  * copy_process: fix CLONE_PARENT && parent_exec_id interaction
  * [amd64] syscall-audit: fix 32/64 syscall hole (CVE-2009-0834)
  * seccomp: fix 32/64 syscall hole (CVE-2009-0835)
  * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM (CVE-2009-0859)
    This issue does not affect pre-built Debian kernels.
  * Fix an off-by-two memory error in console selection (CVE-2009-1046)
  * nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
  * af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
  * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
  * exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
  * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
  * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
  * agp: zero pages before sending to userspace (CVE-2009-1192)
  * Fix unreached code in selinux_ip_postroute_iptables_compat()

 -- dann frazier <dannf op debian.org>  Mon, 04 May 2009 16:10:11 -0600

linux-2.6 (2.6.26-15) stable; urgency=high

  * Switch out mips/llseek regression fix for the less invasive one
    that is more likely to be accepted upstream.

 -- dann frazier <dannf op debian.org>  Wed, 25 Mar 2009 16:48:44 -0600

linux-2.6 (2.6.26-14) stable; urgency=high

  [ Moritz Muehlenhoff ]
  * Add support for Acer Aspire One with ALC269 codec chip. (Closes: #505250)
  * Allow authenticated deep NFS mounts, a regression from etch
    (Closes: #512031)
  * ALSA HDA hardware support (closes: #514567)
    - Backport ALSA driver quirks for various HP notebooks
    - Add appletv support
    - Fix SPDIF output on AD1989B
    - Add ALC887 support
    - Add support for Dell Studio 15
    - Add support for MEDION MD96630
    - Support Asus P5Q Premium/Pro boards
    - Add support for ECS/PC Chips boards with Sigmatel codecs
    - Add support for Toshiba L305
  * Add USB mass storage quirk for "Kyocera / Contax SL300R T*" digital
    cameras. (Closes: #518899)
  * ALSA: Fix OOPS with MIDI in caiaq driver. (Closes: #518900)
  * Add USB mass storage quirks (Closes: #520561)
     - Nikon D300 and Nikon D2H cameras
     - Mio C520-GPS units and Mio Moov 330 GPS
     - Nokia phones: 7610, Supernova, 3500c, 3109c, 5300 and 5310
     - Nokia 6233 (Closes: #493415)
  * [cifs] Fix oops when mounting servers that don't specify their OS
    (Closes: #463402)
  * Remove invalid truesize detection (Closes: #509716)

  [ dann frazier ]
  * Fix softlockups in sungem driver (Closes: #514624)
  * intel-agp: Add support for G41 chipset (Closes: #513228)
  * [openvz] 777e816 Fix wrong size of ub0_percpu.
    (Closes: #500876, #503097, #514149)
  * [openvz] b5e1f74 Fix oops in netlink conntrack module when loaded after
    a ve start (Closes: #511165)
  * [openvz] 6d18ba3 CPT: revert check on sk_reuse>1 (Closes: #500645)
  * Fixes for CVE-2009-0029 broke uml compilation; fix.
  * [openvz] 20bd907 simfs: fix oops if filesystem passes NULL mnt arg to
    getattr. (Closes: #508773)
  * Add -fwrapv to CFLAGS to prevent gcc from optimizing out certain
    wrap tests. (Closes: #520548)
  * Bump ABI to 2.
  * [parisc] Fix the loading of large kernel modules (Closes: #401439)
  * Make the max number of lockd connections configurable and increase
    the default from 80 to the more reasonable 1024 (Closes: #520379)
  * [x86, vmi] Fix missing paravirt_release_pmd in pgd_dtor (Closes: #520677)
  * [mips64] Fix sign extend issue in llseek syscall (Closes: #521016)

  [ Martin Michlmayr ]
  * rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
  * sata_mv: Fix 8-port timeouts on 508x/6081 chips (Closes: #514155)
  * sata_mv: Properly initialize main irq mask.
  * IP32: Add platform device for CMOS RTC; remove dead code.
  * [mips/r5k-ip32] Build in RTC_DRV_CMOS. (Closes: #516775)
  * [arm, armel] Enable USB_HIDDEV. (Closes: #517771)
  * [arm, armel] Enable various V4L USB devices. (Closes: #518582)
  * [arm/iop32x, arm/ixp4xx, arm/orion5x] Enable INPUT_JOYDEV, GAMEPORT
    and INPUT_JOYSTICK (Closes: #520433).

  [ Bastian Blank ]
  * [sparc] Revert: Reintroduce dummy PCI host controller to workaround broken
    X.org. Not supportable and breaks too many things.
  * [amd64] Fix errno on nonexistent syscalls. (closes: #518921)

  [ Ian Campbell ]
  * [nfs] Backport upstream patches to fix NFS "task blocked for more than 120
    seconds" issue (Closes: #518431)

  [ Aurelien Jarno ]
  * [mips/mipsel] Fix errno on inexistent syscalls. (Closes: #520034).

  [ maximilian attems ]
  * [openvz] 849af42 [UB]: Double free for UDP socket.
  * [openvz] 7ebcbe3 autofs: fix default pgrp vnr.
  * [openvz] 17b09e1 conntrack: prevent double allocate/free of protos.
    (closes: #494445)
  * [openvz] 7d3f10f conntrack: prevent call register_pernet_subsys() from VE
  * [openvz] 482dd20 conntrack: prevent call nf_register_hooks() from VE
  * [openvz] ff3483a Fix erratum that causes memory corruption.
  * [openvz] 5fff3eb conntrack: adjust context during freeing.
  * [openvz] 3cb8bc3 netfilter: NAT: assign nf_nat_seq_adjust_hook from VE0
    context only.
  * [openvz] 4909102 netfilter: call nf_register_hooks from VE0 context only.
  * [openvz] ce67d5b iptables: setup init iptables mask before net
  * [openvz] 134416f Correct per-process capabilities bounding set in CT.
  * [openvz] 029cecb cpt: Make the proper check for sigmask.
  * [openvz] 86d7416 ms: fix inotify umount.
  * [openvz] c5c1032 Don't dereference NULL tsk->mm in ve_move_task.
  * [openvz] 5c591ae bridge: don't leak master device on brctl addif.
  * [openvz] c578262 net: NETIF_F_VIRTUAL intersects with NETIF_F_LRO.
  * [openvz] 8aa7044 Fix broken permissions for Unix98 pty.
  * [openvz] 09686c1 Free skb->nf_bridge in veth_xmit() and venet_xmit().
  * [openvz] 397500c autofs4: fix ia32 compat mode.
  * [openvz] 0328e3d pidns: update leader_pid at pidns attach.
  * [openvz] 66ec7f7 nfs: fix nfs client in VE (finally).
  * [openvz] 4fc3a18 cpt: bump image version to VERSION_26.
  * [openvz] 2a08380 nfs: add missed ve_nfs.h file.
  * [openvz] 4c9010e autofs4: pidns friendly oz_mode.
  * [openvz] 2c1b2f7 conntrack: Allocate/free ve_nf_conntrack_l3proto_ipv6.
  * [openvz] e29a555 ct: Move _nf_conntrack_l3proto_ipv6 to net namespace.
  * [openvz] 4355344 conntrack: fix oops in nf_ct_frag6_gather.
  * [openvz] bd5e806 Add "VE features" for sit and ipip devices.
  * [openvz] 9baf6095 Simplify call __dev_change_net_namespace() by remove
  * [openvz] 35f41f11 Adjust VE before call
  * [openvz] 83ea78e netns: fix net_generic array leak.
  * [openvz] ce67d5b iptables: setup init iptables mask before net
  * [openvz] fffc6ff net: set ve context when init/exit method is called.
    (closes: #517892, #520740)
  * [openvz] 6b9fe02 vzwdog: walk through the block devices list properly.
  * [openvz] 6b9fe02 netns: enable cross-ve Unix sockets.
  * [openvz] 1acba85 netfilter: Fix NULL dereference in nf_nat_setup_info.
  * [openvz] b405aed netfilter: Add check to the nat hooks.
  * [openvz] b8b70c7 nfs: Fix access to freed memory.
  * [openvz] 840ea01 NFS: NFS super blocks in different VEs should be
  * [openvz] 14131d2 ve: sanitize capability checks for namespaces creation.
  * [openvz] 39bb1ee nfs: Fix nfs_match_client(). (closes: #501985)
  * [openvz] 32e9103 Add do_ve_enter_hook.
  * [openvz] d4988b6 Add kthread_create_ve() and kthread_run_ve() functions.
  * [openvz] ba0ce90 nfs: use kthread_run_ve to start lockd. (closes: #505174)
  * [openvz] 672ab37 pidns: lost task debug print uses wrong prototype.
  * [openvz] d876c93 pidns: zap ve process only when killing ve's init pid-ns.
  * [openvz] 9abe1a6 bc: fix permissions on /proc/bc.
  * [openvz] Reenable NF_CONNTRACK_IPV6.

 -- dann frazier <dannf op debian.org>  Sun, 22 Mar 2009 14:09:23 -0600

ntp (1:4.2.4p4+dfsg-8lenny2) stable-security; urgency=high

  * Fixed stack buffer overflow in ntpd (CVE-2009-1252)

 -- Peter Eisentraut <petere op debian.org>  Sun, 10 May 2009 20:09:47 +0300

ntp (1:4.2.4p4+dfsg-8lenny1) stable-security; urgency=high

  * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)

 -- Peter Eisentraut <petere op debian.org>  Sat, 25 Apr 2009 00:38:54 +0300

