kernel-image-2.4.27-m68k (2.4.27-3sarge7) oldstable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge7:
    * [ERRATA] 268_ext2_readdir-f_pos-fix-2.diff
      Fix regression caused by 258_ext2_readdir-f_pos-fix.diff which can
      cause lock ups on ext2 mounts.

 -- dann frazier <dannf@debian.org>  Tue, 04 Mar 2008 00:23:10 -0700

kernel-image-2.4.27-m68k (2.4.27-3sarge6) oldstable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge6:
    * 239_mincore-hang.diff
      [SECURITY] Fix a potential deadlock in mincore
      See CVE-2006-4814
    * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
      Fix some regressions with respect to file types (e.g., symlinks)
      introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
    * 241_bluetooth-capi-size-checks.diff
      [SECURITY] Add additional length checks to avoid potential remote
      DoS attacks in the handling of CAPI messages in the bluetooth driver
      See CVE-2006-6106
    * 242_ext3-fsfuzz.diff
      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
      user with the ability to mount a corrupted ext3 filesystem
      See CVE-2006-6053
    * 243_ipv6_fl_socklist-no-share.diff
      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
      ipv6_fl_socklist between the listening socket and the socket created
      for connection.
      See CVE-2007-1592
    * 244_bluetooth-l2cap-hci-info-leaks.diff
      245_bluetooth-l2cap-hci-info-leaks-2.diff
      [SECURITY] Fix information leaks in setsockopt() implementations
      See CVE-2007-1353
    * 246_dn_fib-out-of-bounds.diff
      266_ipv4-fib_props-out-of-bounds.diff
      267_ipv4-fib_props-out-of-bounds-2.diff
      [SECURITY] Fix out of bounds condition in dn_fib_props[]
      See CVE-2007-2172
    * 247_reset-pdeathsig-on-suid.diff
      [SECURITY] Fix potential privilege escalation caused by improper
      clearing of the child process' pdeath signal.
      Thanks to Marcel Holtmann for the patch.
      See CVE-2007-3848
    * 248_random-reseed-sizeof-fix.diff
      [SECURITY] Fix a bug in the random driver reseeding code that reduces
      entropy by reseeding a smaller buffer size than expected
      See CVE-2007-4311
    * 249_openpromfs-signedness-bug.diff
      250_openpromfs-checks-1.diff
      251_openpromfs-checks-2.diff
      252_openpromfs-checks-3.diff
      [SECURITY] Fix a number of data checks in openprom code
      See CVE-2004-2731
    * 253_coredump-only-to-same-uid.diff
      [SECURITY] Fix an issue where core dumping over a file that
      already exists retains the ownership of the original file
      See CVE-2007-6206
    * 254_cramfs-check-block-length.diff
      [SECURITY] Add a sanity check of the block length in cramfs_readpage to
      avoid a potential oops condition
      See CVE-2006-5823
    * 255_pppoe-socket-release-mem-leak.diff
      [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
      after connect but before PPPIOCGCHAN ioctl is called upon it
      See CVE-2007-2525
    * 256_i4l-isdn_ioctl-mem-overrun.diff
      [SECURITY] Fix potential isdn ioctl memory overrun
      See CVE-2007-6151
    * 257_isdn-net-overflow.diff
      [SECURITY] Fix potential overflows in the ISDN subsystem
      See CVE-2007-6063
    * 258_ext2_readdir-f_pos-fix.diff,
      259_ext2_readdir-infinite-loop.diff,
      260_ext2-skip-pages-past-num-blocks.diff
      [SECURITY] Add some sanity checking for a corrupted i_size in
      ext2_find_entry()
      See CVE-2006-6054
    * 261_listxattr-mem-corruption.diff
      [SECURITY] Fix userspace corruption vulnerability caused by
      incorrectly promoted return values in bad_inode_ops
      This patches changes the kernel ABI.
      See CVE-2006-5753
    * 262_aacraid-ioctl-perm-check.diff
      [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
      See CVE-2007-4308
    * 263_usb-pwc-disconnect-block.diff
      [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
      If userspace still has the device open it can result, the driver would
      wait for the device to close, blocking the USB subsystem.
      See CVE-2007-5093
    * 264_mmap-VM_DONTEXPAND.diff
      [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
      a fault handler but do not bounds check the offset argument
      See CVE-2008-0007
    * 265_powerpc-chrp-null-deref.diff
      [SECURITY][powerpc] Fix NULL pointer dereference if get_property
      fails on the subarchitecture
      See CVE-2007-6694

 -- dann frazier <dannf@debian.org>  Mon, 18 Feb 2008 04:27:46 -0700

kernel-image-2.4.27-m68k (2.4.27-3sarge5) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge5:
    * 233_ia64-sparc-cross-region-mappings.diff
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * 234_atm-clip-freed-skb-deref.diff
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * 235_ppc-alignment-exception-table-check.diff
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * 236_s390-uaccess-memleak.diff
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * 237_smbfs-honor-mount-opts.diff
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled (closes: #310982)
      See CVE-2006-5871
    * 238_ppc-hid0-dos.diff
      [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093

 -- dann frazier <dannf@debian.org>  Tue,  5 Dec 2006 02:23:02 -0700

kernel-image-2.4.27-m68k (2.4.27-3sarge4) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge4:
    * [ERRATA] 213_madvise_remove-restrict.diff
      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.4.27 is not
      vulnerable to CVE-2006-1524 the madvise_remove issue.
      See CVE-2006-2071
    * 223_nfs-handle-long-symlinks.diff
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * 224_cdrom-bad-cgc.buflen-assign.diff
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * 225_sg-no-mmap-VM_IO.diff
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * 226_snmp-nat-mem-corruption-fix.diff
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * 227_kfree_skb.diff
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * 228_sparc-mb-extraneous-semicolons.diff
      Fix a syntax error caused by extranous semicolons in smp_mb() macros
      which resulted in a build failure with 227_kfree_skb.diff
    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
      [SECURITY] Fix SCTP privelege escalation
      See CVE-2006-3745
    * 231_udf-deadlock.diff
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
    * 232_sparc-membar-extraneous-semicolons.diff
      Fix an additional syntax error caused by extraneous semicolons
      in membar macros on sparc

 -- dann frazier <dannf@debian.org>  Wed, 13 Sep 2006 20:21:24 -0600

kernel-image-2.4.27-m68k (2.4.27-3sarge3) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge3:
    * 207_smbfs-chroot-escape.diff
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * 208_ia64-die_if_kernel-returns.diff
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * 209_sctp-discard-unexpected-in-closed.diff
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * 210_ipv4-id-no-increment.diff
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * 211_usb-gadget-rndis-bufoverflow.diff
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation
      that allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * 212_ipv4-sin_zero_clear.diff
      [SECURITY] Fix local information leak in af_inet code
      See CVE-2006-1343
    * 213_madvise_remove-restrict.diff
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * 214_mcast-ip-route-null-deref.diff
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * 215_sctp-fragment-recurse.diff
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * 216_sctp-fragmented-receive-fix.diff
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * 217_amd64-fp-reg-leak.diff
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * 218_do_add_counters-race.diff
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * 219_sctp-hb-ack-overflow.diff
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * 220_sctp-param-bound-checks.diff
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858
    * 221_netfilter-do_replace-overflow.diff
      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * 222_binfmt-bad-elf-entry-address.diff
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741

 -- dann frazier <dannf@debian.org>  Wed, 31 May 2006 10:05:58 -0600

kernel-image-2.4.27-m68k (2.4.27-3sarge2) stable-security; urgency=high

  * Build against kernel-source 2.4.27-10sarge2

 -- Christian T. Steigies <cts@debian.org>  Sun, 12 Feb 2006 13:15:17 +0100

kernel-image-2.4.27-m68k (2.4.27-3sarge1) stable-security; urgency=high

  * build against kernel-source-2.4.27 (2.4.27-10sarge1)

 -- Christian T. Steigies <cts@debian.org>  Tue, 30 Aug 2005 11:19:05 +0200

kernel-image-2.4.27-m68k (2.4.27-3) unstable; urgency=high

  * rebuild with kernel-source-2.4.27-8

 -- Christian T. Steigies <cts@debian.org>  Wed, 12 Jan 2005 22:07:22 +0100

kernel-image-2.4.27-m68k (2.4.27-2) unstable; urgency=high

  * CONFIG_SINGLE_MEMORY_CHUNK and CONFIG_060_WRITETHROUGH 
    defined for mvme16x, otherwise the kernel crashes
  * also activate CONFIG_SINGLE_MEMORY_CHUNK for mvme147 and bvme6000

 -- Christian T. Steigies <cts@debian.org>  Wed,  8 Sep 2004 21:40:02 +0200

kernel-image-2.4.27-m68k (2.4.27-1) unstable; urgency=medium

  * Initial release.

 -- Christian T. Steigies <cts@debian.org>  Sun,  8 Aug 2004 16:55:17 +0200
