-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 May 2013 09:27:34 -0600
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source amd64
Version: 2.6.32-1um-4+48squeeze3
Distribution: squeeze-security
Urgency: high
Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
 user-mode-linux - User-mode Linux (kernel)
Closes: 704437
Changes:
 user-mode-linux (2.6.32-1um-4+48squeeze3) squeeze-security; urgency=high
 .
   * Rebuild against linux-source-2.6.32 (2.6.32-48squeeze1):
     * USB: io_ti: Fix NULL dereference in chase_port() (CVE-2013-1774)
     * keys: fix race with concurrent install_user_keyrings() (CVE-2013-1792)
     * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
     * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
     * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
     * Bluetooth: RFCOMM - Fix missing msg_namelen update in
       rfcomm_sock_recvmsg() (CVE-2013-3225)
     * irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
       (CVE-2013-3228)
     * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
       (CVE-2013-3229)
     * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
     * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
     * tipc: fix info leaks via msg_name in recv_msg/recv_stream
       (CVE-2013-3235)
     * ext4: AIO vs fallocate stale data exposure (CVE-2012-4508)
     * ext4: avoid hang when mounting non-journal filesystems with orphan
       list (CVE-2013-2015)
     * ptrace: Fix ptrace when task is in task_is_stopped() state
       (regression in 2.6.32-48squeeze1) (Closes: #704437)
     * [x86] KVM: unmap pages from the iommu when slots are removed
       (CVE-2012-2121)
     * inet: add RCU protection to inet->opt (CVE-2012-3552)
     * [x86] KVM: invalid opcode oops on SET_SREGS with OSXSAVE bit set
       (CVE-2012-4461)
     * xfrm_user: fix info leaks in copy_to_user_{policy,state,tmpl}()
       (CVE-2012-6537)
     * net: fix info leak in compat dev_ifconf() (CVE-2012-6539)
     * ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT) (CVE-2012-6540)
     * llc: fix info leak via getsockname() (CVE-2012-6542)
     * Bluetooth: Fix information leaks (CVE-2012-6544, CVE-2012-6545)
     * atm: Fix information leaks (CVE-2012-6546)
     * udf: avoid info leak on export (CVE-2012-6548)
     * isofs: avoid info leak on export (CVE-2012-6549)
     * Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (CVE-2013-0349)
     * signal: always clear sa_restorer on execve (CVE-2013-0914)
     * tmpfs: fix use-after-free of mempolicy object (CVE-2013-1767)
     * fat: Fix stat->f_namelen
     * NLS: improve UTF8 -> UTF16 string conversion routine (CVE-2013-1773)
     * KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
       (CVE-2013-1796)
     * KVM: Fix bounds checking in ioapic indirect register reads
       (CVE-2013-1798)
     * xfrm_user: return error pointer instead of NULL (CVE-2013-1826)
     * USB: cdc-wdm: fix buffer overflow (CVE-2013-1860)
     * dcbnl: Fix netlink info leak (CVE-2013-2634)
     * intel-iommu: Flush unmaps at domain_exit
     * fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
       (CVE-2013-1928)
     * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
Checksums-Sha1:
 6b5f5b9554c64ccb4ad73d856caddb30b97f24ef 2070 user-mode-linux_2.6.32-1um-4+48squeeze3.dsc
 18c782b9fe19ced63d38a7214fd3bd1fe2cec7d3 24988 user-mode-linux_2.6.32-1um-4+48squeeze3.diff.gz
 a0d7fb826c4d8b76d776174610715bf781b34d68 7095782 user-mode-linux_2.6.32-1um-4+48squeeze3_amd64.deb
Checksums-Sha256:
 e2c3881506128775c14f0484722c375d474f0b63b6a000f4121ee75a3a647f84 2070 user-mode-linux_2.6.32-1um-4+48squeeze3.dsc
 ff930d0e5216365dbdfe8fd51af420251dff606975b5cf01392475d624666035 24988 user-mode-linux_2.6.32-1um-4+48squeeze3.diff.gz
 00b1a9e07487dbdedf68cdabfc27378807ce6a62d12777c3fbb34d458ece4562 7095782 user-mode-linux_2.6.32-1um-4+48squeeze3_amd64.deb
Files:
 f8b66ecfdb726a737ff34862803eb51d 2070 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze3.dsc
 a7fc426220f19bb5c0e4983d751117dd 24988 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze3.diff.gz
 aa4544794bb5fd9f9bba49dec5249222 7095782 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----