| 1 |
On Wed, 25 Sep 2013 17:13:14 +0000 (UTC) |
| 2 |
TomWij@g.o (Tom Wijsman ) wrote: |
| 3 |
|
| 4 |
> This is an automated email announcing the release of |
| 5 |
> genpatches-3.10.7-1 |
| 6 |
> |
| 7 |
> PATCHES |
| 8 |
> ------- |
| 9 |
> |
| 10 |
> When the website updates, the complete patch list and split-out |
| 11 |
> patches will be available here: |
| 12 |
> http://dev.gentoo.org/~mpagano/genpatches/patches-3.10.7-1.htm |
| 13 |
> http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-3.10.7-1.base.tar.bz2 |
| 14 |
> http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-3.10.7-1.extras.tar.bz2 |
| 15 |
> http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-3.10.7-1.experimental.tar.bz2 |
| 16 |
|
| 17 |
If you are wondering what this is... |
| 18 |
|
| 19 |
This is a revision bump to =sys-kernel/gentoo-sources-3.10.7, it |
| 20 |
backports some stability and security fixes that are a bit more |
| 21 |
important than the usual fixes; here is the summary: |
| 22 |
|
| 23 |
|
| 24 |
Revision 2497: |
| 25 |
Import 3.10-13 (3.10.7 release) as 3.10.7 branch, to bring security |
| 26 |
fixes to stable. (tomwij) |
| 27 |
|
| 28 |
Revision 2498: |
| 29 |
fs/proc/task_mmu.c: fix buffer overflow in add_page_map() reported by |
| 30 |
stintel on IRC, backported from 3.10.8. (tomwij) |
| 31 |
Added: 1500_task-mmu_fix-buffer-overflow-in-add_page_map.patch |
| 32 |
|
| 33 |
Revision 2517: |
| 34 |
Added CVE-2013-4300 patch to 3.10 and 3.10.7 branches for security bug |
| 35 |
#483614. (tomwij) |
| 36 |
Added: |
| 37 |
1500_CVE-2013-4300-net-Check-the-correct-namespace-when-spoofing-pid-ov.patch |
| 38 |
|
| 39 |
Revision 2527: |
| 40 |
Added patches for HID security flaws for CVE-2013-2888 - CVE-2013-2899, |
| 41 |
see bug #482896 for more information. (tomwij) |
| 42 |
Added: 1500_CVE-2013-2888-HID-validate-HID-report-id-size.patch |
| 43 |
Added: |
| 44 |
1500_CVE-2013-2889-HID-zeroplus-validate-output-report-details.patch |
| 45 |
Added: |
| 46 |
1500_CVE-2013-2891-HID-steelseries-validate-output-report-details.patch |
| 47 |
Added: |
| 48 |
1500_CVE-2013-2892-HID-pantherlord-validate-output-report-details.patch |
| 49 |
Added: |
| 50 |
1500_CVE-2013-2894-HID-lenovo-tpkbd-validate-output-report-details.patch |
| 51 |
Added: |
| 52 |
1500_CVE-2013-2895-HID-logitech-dj-validate-output-report-details.patch |
| 53 |
Added: |
| 54 |
1500_CVE-2013-2896-HID-ntrig-validate-feature-report-details.patch |
| 55 |
Added: 1500_CVE-2013-2897-HID-multitouch-validate-indexes-details.patch |
| 56 |
Added: |
| 57 |
1500_CVE-2013-2898-HID-sensor-hub-validate-feature-report-details.patch |
| 58 |
Added: |
| 59 |
1500_CVE-2013-2899-HID-picolcd_core-validate-output-report-details.patch |
| 60 |
Added: 1500_HID-check-for-NULL-field-when-setting-values.patch |
| 61 |
Added: 1500_HID-provide-a-helper-for-validating-hid-reports.patch |
| 62 |
|
| 63 |
|
| 64 |
The commit message used for =sys-kernel/gentoo-sources-3.10.7-r1: |
| 65 |
|
| 66 |
|
| 67 |
Revision bump for 3.10.7. Fixed an important buffer overflow in |
| 68 |
add_page_map() causing kernel panics, backported from 3.10.8; reported |
| 69 |
by stintel on IRC. Fixed PID Spoofing Privilege Escalation, backported |
| 70 |
from 3.11, see bug #483614; CVE-2013-4300. Fixed multiple HID security |
| 71 |
flaws, backported from GregKH's stable queue and Linus' master, see bug |
| 72 |
#482896; from CVE-2013-2888 till CVE-2013-2899. Users that had kernel |
| 73 |
panics due to buffer overflows or need additional security are |
| 74 |
suggested to update. |
| 75 |
|
| 76 |
|
| 77 |
Not sure if anybody needs this information, just added for completeness. |
| 78 |
|
| 79 |
-- |
| 80 |
With kind regards, |
| 81 |
|
| 82 |
Tom Wijsman (TomWij) |
| 83 |
Gentoo Developer |
| 84 |
|
| 85 |
E-mail address : TomWij@g.o |
| 86 |
GPG Public Key : 6D34E57D |
| 87 |
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D |
Archives