| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 Aug 2010 02:19:19 -0400 From: Chuck Ebbert <cebbert@...hat.com> To: Greg KH <gregkh@...e.de> Cc: linux-kernel@...r.kernel.org, stable@...nel.org, stable-review@...nel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk, "Theodore Ts'o" <tytso@....edu> Subject: Re: [000/165] 2.6.32.17-rc1 -stable review On Fri, 30 Jul 2010 10:15:50 -0700 Greg KH <gregkh@...e.de> wrote: > > This is the start of the stable review cycle for the 2.6.32.17 release. > There are 165 patches in this series, all will be posted as a response > to this one. If anyone has any issues with these being applied, please > let us know. If anyone is a maintainer of the proper subsystem, and > wants to add a Signed-off-by: line to the patch, please respond with it. > > Responses should be made by August 1, 2010, 18:00:00 UTC. > Anything received after that time might be too late. > > The whole patch series can be found in one patch at: > kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.32.17-rc1.gz > and the diffstat can be found below. > I still don't see this one in 2.6.32-stable: commit 1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 upstream. Subject: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files This fixes CVE-2010-2066; I'm pretty sure 2.6.32 is vulnerable. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists