Bug #816550 “CVE-2011-1493” : Bugs : linux package : Ubuntu

Revision history for this message

Kees Cook (kees) wrote on 2011-07-26:

#1

CVE-2011-1493

tags:	added: kernel-cve-tracking-bug
security vulnerability:	no → yes

Kees Cook (kees) on 2011-07-26

Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status:	New → Invalid
Changed in linux (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status:	New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status:	New → Invalid
description:	updated

Andy Whitcroft (apw) on 2011-07-28

Changed in linux (Ubuntu Natty):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress
Changed in linux (Ubuntu Maverick):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress

Andy Whitcroft (apw) on 2011-07-28

Changed in linux (Ubuntu Lucid):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	New → In Progress
Changed in linux-lts-backport-natty (Ubuntu Lucid):
assignee:	nobody → Andy Whitcroft (apw)
assignee:	Andy Whitcroft (apw) → nobody
status:	New → In Progress

Andy Whitcroft (apw) on 2011-07-28

Changed in linux-ti-omap4 (Ubuntu Natty):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → In Progress
Changed in linux-mvl-dove (Ubuntu Maverick):
status:	New → In Progress

Andy Whitcroft (apw) on 2011-07-28

Changed in linux (Ubuntu Hardy):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress

Tim Gardner (timg-tpi) on 2011-07-28

Changed in linux (Ubuntu Hardy):
status:	In Progress → Fix Committed

Tim Gardner (timg-tpi) on 2011-07-28

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Lucid):
status:	In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Maverick):
status:	In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Natty):
status:	In Progress → Fix Committed

Kees Cook (kees) on 2011-08-02

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	In Progress → Fix Committed
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	In Progress → Fix Committed
Changed in linux-mvl-dove (Ubuntu Maverick):
status:	In Progress → Fix Committed
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	In Progress → Fix Committed

Kees Cook (kees) on 2011-08-10

Changed in linux-ec2 (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux-ec2 (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status:	New → Invalid
description:	updated

Kees Cook (kees) on 2011-08-16

Changed in linux-ec2 (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux-ec2 (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance:	Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance:	Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux-mvl-dove (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance:	Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance:	Undecided → Low
Changed in linux (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux (Ubuntu Natty):
importance:	Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance:	Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance:	Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance:	Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance:	Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance:	Undecided → Low
description:	updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-08-19:

#2

This bug was fixed in the package linux - 2.6.24-29.93

---------------
linux (2.6.24-29.93) hardy-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #823912

[Upstream Kernel Changes]

  * close races in /proc/*/{environ,auxv}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * dccp: fix oops on Reset after close, CVE-2011-1093
    - LP: #814087
    - CVE-2011-1093
  * Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
    - LP: #816542
    - CVE-2011-1078
  * Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
    - LP: #816544
    - CVE-2011-1079
  * bridge: netfilter: fix information leak, CVE-2011-1080
    - LP: #816545
    - CVE-2011-1080
  * char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
    - LP: #816546
    - CVE-2011-1160
  * irda: validate peer name and attribute lengths, CVE-2011-1180
    - LP: #816547
    - CVE-2011-1180
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
-- Herton Ronaldo Krzesinski <email address hidden> Wed, 10 Aug 2011 10:07:45 -0300

Changed in linux (Ubuntu Hardy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-13:

#3

Download full text (6.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28

---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low

* Release tracking bug
- LP: #837802

[ Upstream Kernel Changes ]

  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low

* Release tracking bug
- LP: #829160

[ Upstream Kernel Changes ]

  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * proc: protect mm start_code/end_code in /proc/pid/stat
    - LP: #799906
    - CVE-2011-0726
  * sctp: Fix a race between ICMP protocol unreachable and connect()
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #794034
    - CVE-2010-4077
  * filter: make sure filters dont read uninitialized memory CVE-2010-4158
    - LP: #721282
    - CVE-2010-4158
  * bio: take care not overflow page count when mapping/copying user data
    CVE-2010-4162
    - LP: #721441
    - CVE-2010-4162
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
    - LP: #721504
    - CVE-2010-4163
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
  * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
    - LP: #721455
    - CVE-2010-4175
  * bluetooth: Fix missing NULL check CVE-2010-4242
    - LP: #714846
    - CVE-2010-4242
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #800121
    - CVE-2010-4649
  * epoll: prevent creating circular epoll structures CVE-2011-1082
    - LP: #800758
    - CVE-2011-1082
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3) CVE-2011-1090
    - LP: #800775
  * ldm: corrupted partition table can cause kernel oops CVE-2011-1012
    - LP: #801083
    - CVE-2011-1012
  * netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
    - CVE-2011-1170
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * net: Limit socket I/O iovec total length to INT_MAX.
    - LP: #708839
  * fs/partitions: Validate map_count in Mac partition tables -
    CVE-2011-1010
    - LP: #804225
    - CVE-2011-1010
  * drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
    CVE-2011-1013
    - LP: #804229
    - CVE-2011-1013
...

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24

---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low

* Release tracking bug
    - LP: #838037

[ Upstream Kernel Changes ]

* ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low

* Release tracking bug
    - LP: #829655

[ Upstream Kernel Changes ]

* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
    - LP: #745686
    - CVE-2011-1016
  * drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
    - LP: #745686
    - CVE-2011-1016
  * can-bcm: fix minor heap overflow
    - LP: #690730
  * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * av7110: check for negative array offset
    - LP: #747520
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * ALSA: caiaq - Fix possible string-buffer overflow
    - LP: #747520
  * IB/cm: Bump reference count on cm_id before invoking callback,
    CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * RDMA/cma: Fix crash in request handlers, CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * net: clear heap allocations for privileged ethtool actions
    - LP: #686158
  * usb: iowarrior: don't trust report_size for buffer size
    - LP: #747520
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
    code
    - LP: #747520
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #747520
  * exec: make argv/envp memory visible to oom-killer
    - LP: #690730
  * next_pidmap: fix overflow condition
    - LP: #772560
  * proc: do proper range check on readdir offset
    - LP: #772560
  * ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
    - LP: #785331
    - CVE-2011-1169
  * mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
    - LP: #787145
    - CVE-2011-1494
  * agp: fix arbitrary kernel memory writes, CVE-1011-2022
    - LP: #788684
    - CVE-1011-2022
  * can: add missing socket check in can/raw release, CVE-2011-1748
    - LP: #788694
    - CVE-2011-1748
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
    memory - CVE-2010-3296
    - CVE-2010-3296
  * drivers/net/eql.c: prevent reading uninitialized stack memory -
    CVE-2010-3297
    - CVE-2010-3297
  * inet_diag: Make sure we actually run the same bytecode we audited,
    CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * setup_arg_pages: diagnose excessive argument size - CVE-2010-3858
    - LP: #672664
    - CVE-2010-3858
  * net: Truncate recvfrom and sendto length to INT_MAX - CVE-2010-3859
    - LP: #690730
    - CVE-2010-3859
  * net: Limit socket I/O iovec total length to INT_MAX - CVE-2010-3859
    - LP: #690730
    - CVE-2010-3859
  * ipc: initialize structure memory to zero for compat functions -
    CVE-2010-4073
    - LP: #690730
    - CVE-2010-4073
  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory -
    CVE-2010-4080, CVE-2010-4081
    - LP: #672664
    - CVE-2010-4080, CVE-2010-4081
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory -
    CVE-2010-4082
    - CVE-2010-4082
  * sys_semctl: fix kernel stack leakage, CVE-2010-4083
    - LP: #712749
    - CVE-2010-4083
  * gdth: integer overflow in ioctl - CVE-2010-4157
    - LP: #686158
    - CVE-2010-4157
  * bio: take care not overflow page count when mapping/copying user data -
    CVE-2010-4162
    - LP: #721441
    - CVE-2010-4162
  * bluetooth: Fix missing NULL check - CVE-2010-4242
    - LP: #686158
  * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
    - LP: #721455
    - CVE-2010-4175
  * perf_events: Fix perf_counter_mmap() hook in mprotect() - CVE-2010-4169
    - LP: #690730
    - CVE-2010-4169
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
    - CVE-2010-4163
    - LP: #690730
    - CVE-2010-4163
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * proc: protect mm start_code/end_code in /proc/pid/stat
    - LP: #799906
    - CVE-2011-0726
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #794034
    - CVE-2010-4077
  * posix-cpu-timers: workaround to suppress the problems with mt exec,
    CVE-2010-4248
    - LP: #712609
    - CVE-2010-4248
  * Rename 'pipe_info()' to 'get_pipe_info()' CVE-2010-4256
    - LP: #799805
    - CVE-2010-4256
  * Export 'get_pipe_info()' to other users CVE-2010-4256
    - LP: #799805
    - CVE-2010-4256
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #800121
    - CVE-2010-4649
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3) CVE-2011-1090
    - LP: #800775
    - CVE-2011-1090
  * epoll: prevent creating circular epoll structures CVE-2011-1082
    - LP: #800758
    - CVE-2011-1082
  * xfs: zero proper structure size for geometry calls CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * ldm: corrupted partition table can cause kernel oops CVE-2011-1012
    - LP: #801083
    - CVE-2011-1012
  * netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
    - CVE-2011-1170
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * fs/partitions: Validate map_count in Mac partition tables CVE-2011-1010
    - LP: #804225
    - CVE-2011-1010
  * drm: fix unsigned vs signed comparison issue in modeset ctl ioctl
    CVE-2011-1013
    - LP: #804229
  * net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
    CVE-2011-1019
    - LP: #804366
    - CVE-2011-1019
  * exec: copy-and-paste the fixes into compat_do_execve() paths
    CVE-2010-4243
    - LP: #804234
    - CVE-2010-4243
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * dccp: fix oops on Reset after close, CVE-2011-1093
    - LP: #814087
    - CVE-2011-1093
  * Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
    - LP: #816542
    - CVE-2011-1078
  * Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
    - LP: #816544
    - CVE-2011-1079
  * bridge: netfilter: fix information leak, CVE-2011-1080
    - LP: #816545
    - CVE-2011-1080
  * gro: Reset dev pointer on reuse, CVE-2011-1478
    - LP: #816549
    - CVE-2011-1478
  * gro: reset skb_iif on reuseu, CVE-2011-1478
    - LP: #816549
    - CVE-2011-1478
  * char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
    - LP: #816546
    - CVE-2011-1160
  * irda: validate peer name and attribute lengths, CVE-2011-1180
    - LP: #816547
    - CVE-2011-1180
  * ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
 -- Paolo Pisati <paolo.pisati@canonical.com>   Wed, 31 Aug 2011 16:46:35 +0200

Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-13:

#6

This bug was fixed in the package linux - 2.6.35-30.59

---------------
linux (2.6.35-30.59) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #837449

[ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"

linux (2.6.35-30.58) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #828376

[ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.35-30.57) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #823306

[ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
-- Herton Ronaldo Krzesinski <email address hidden> Tue, 30 Aug 2011 12:11:13 -0300

This bug was fixed in the package linux - 2.6.35-30.59

---------------
linux (2.6.35-30.59) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #837449

[ Upstream Kernel Changes ]

* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"

linux (2.6.35-30.58) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #828376

[ Upstream Kernel Changes ]

* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.35-30.57) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #823306

[ Tim Gardner ]

* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

* taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>   Tue, 30 Aug 2011 12:11:13 -0300

Changed in linux (Ubuntu Maverick):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-13:

#7

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-30.59~lucid1

---------------
linux-lts-backport-maverick (2.6.35-30.59~lucid1) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #838043

[ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"

linux (2.6.35-30.58) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #828376

[ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.35-30.57) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #823306

[ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760

linux (2.6.35-30.56) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #808934

[ Herton Ronaldo Krzesinski ]

* Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"

[ Upstream Kernel Changes ]

* Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
- LP: #805209
-- Herton Ronaldo Krzesinski <email address hidden> Thu, 01 Sep 2011 13:40:57 -0300

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-30.59~lucid1

---------------
linux-lts-backport-maverick (2.6.35-30.59~lucid1) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #838043

[ Upstream Kernel Changes ]

* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"

linux (2.6.35-30.58) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #828376

[ Upstream Kernel Changes ]

* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.35-30.57) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #823306

[ Tim Gardner ]

* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

* taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760

linux (2.6.35-30.56) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #808934

[ Herton Ronaldo Krzesinski ]

* Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"

[ Upstream Kernel Changes ]

* Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
    - LP: #805209
 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>   Thu, 01 Sep 2011 13:40:57 -0300

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Marc Deslauriers (mdeslaur) on 2011-09-19

Changed in linux-mvl-dove (Ubuntu Maverick):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-21:

#8

Download full text (38.0 KiB)

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.15

---------------
linux-ti-omap4 (2.6.38-1209.15) natty-proposed; urgency=low

* Release tracking bug
- LP: #837761

[ Paolo Pisati ]

* [Config] Turn on CONFIG_USER_NS and DEVPTS_MULTIPLE_INSTANCES.
- LP: #787749

[ Tim Gardner ]

* [Config] Add enic/fnic to nic-modules udeb, CVE-2011-1020
- LP: #801610

[ Upstream Kernel Changes ]

  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #780546
  * agp: fix arbitrary kernel memory writes
    - LP: #775809
  * can: add missing socket check in can/raw release
    - LP: #780546
  * agp: fix OOM and buffer overflow
    - LP: #775809
  * bonding: Incorrect TX queue offset, CVE-2011-1581
    - LP: #792312
    - CVE-2011-1581
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * USB: ehci: remove structure packing from ehci_def
    - LP: #791552
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * ext4: init timer earlier to avoid a kernel panic in __save_error_info,
    CVE-2011-2493
    - LP: #806929
    - CVE-2011-2493
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-ti-omap4 (2.6.38-1209.13) natty; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #772381

[ Brad Figg ]

* Ubuntu-2.6.38-9.43

[ Bryan Wu ]

  * merge Ubuntu-2.6.38-9.43
  * cherry-pick 6 patches from u2 of 'for-ubuntu' branch
  * [Config] Sync up configs for 2.6.38.4

[ Herton Ronaldo Krzesinski ]

* SAUCE: Revert "x86, hibernate: Initialize mmu_cr4_features during boot"
- LP: #764758

[ Leann Ogasawara ]

* [Config] updateconfigs for 2.6.38.4

[ Paolo Pisati ]

* [Conf...

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.15

---------------
linux-ti-omap4 (2.6.38-1209.15) natty-proposed; urgency=low

* Release tracking bug
    - LP: #837761

[ Paolo Pisati ]

* [Config] Turn on CONFIG_USER_NS and DEVPTS_MULTIPLE_INSTANCES.
    - LP: #787749

[ Tim Gardner ]

* [Config] Add enic/fnic to nic-modules udeb, CVE-2011-1020
    - LP: #801610

[ Upstream Kernel Changes ]

* mpt2sas: prevent heap overflows and unchecked reads
    - LP: #780546
  * agp: fix arbitrary kernel memory writes
    - LP: #775809
  * can: add missing socket check in can/raw release
    - LP: #780546
  * agp: fix OOM and buffer overflow
    - LP: #775809
  * bonding: Incorrect TX queue offset, CVE-2011-1581
    - LP: #792312
    - CVE-2011-1581
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * USB: ehci: remove structure packing from ehci_def
    - LP: #791552
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * ext4: init timer earlier to avoid a kernel panic in __save_error_info,
    CVE-2011-2493
    - LP: #806929
    - CVE-2011-2493
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-ti-omap4 (2.6.38-1209.13) natty; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
    - LP: #772381

[ Brad Figg ]

* Ubuntu-2.6.38-9.43

[ Bryan Wu ]

* merge Ubuntu-2.6.38-9.43
  * cherry-pick 6 patches from u2 of 'for-ubuntu' branch
  * [Config] Sync up configs for 2.6.38.4

[ Herton Ronaldo Krzesinski ]

* SAUCE: Revert "x86, hibernate: Initialize mmu_cr4_features during boot"
    - LP: #764758

[ Leann Ogasawara ]

* [Config] updateconfigs for 2.6.38.4

[ Paolo Pisati ]

* [Config] s/USB_MUSB_TUSB6010/USB_MUSB_OMAP2PLUS/ on omap3 to get musb
    - LP: #759913

[ Serge E. Hallyn ]

* SAUCE: kvm: fix push of wrong eip when doing softint
    - LP: #747090

[ Tim Gardner ]

* [Config] Add cachefiles.ko to virtual flavour
    - LP: #770430

[ Upstream Kernel Changes ]

* Revert "net/sunrpc: Use static const char arrays"
    - LP: #761134
  * Revert "x86: Cleanup highmap after brk is concluded"
    - LP: #761134
  * ALSA: hda - Fix SPDIF out regression on ALC889
    - LP: #761134
  * ALSA: Fix yet another race in disconnection
    - LP: #761134
  * ALSA: vmalloc buffers should use normal mmap
    - LP: #761134
  * perf: Better fit max unprivileged mlock pages for tools needs
    - LP: #761134
  * myri10ge: fix rmmod crash
    - LP: #761134
  * cciss: fix lost command issue
    - LP: #761134
  * ath9k: Fix kernel panic in AR2427
    - LP: #761134
  * sound/oss/opl3: validate voice and channel indexes
    - LP: #761134
  * mac80211: initialize sta->last_rx in sta_info_alloc
    - LP: #761134
  * ses: show devices for enclosures with no page 7
    - LP: #761134
  * ses: Avoid kernel panic when lun 0 is not mapped
    - LP: #761134
  * PCI/ACPI: Report ASPM support to BIOS if not disabled from command line
    - LP: #761134
  * eCryptfs: Unlock page in write_begin error path
    - LP: #761134
  * eCryptfs: ecryptfs_keyring_auth_tok_for_sig() bug fix
    - LP: #761134
  * crypto: aesni-intel - fixed problem with packets that are not multiple
    of 64bytes
    - LP: #761134
  * staging: usbip: bugfixes related to kthread conversion
    - LP: #761134
  * staging: usbip: bugfix add number of packets for isochronous frames
    - LP: #761134
  * staging: usbip: bugfix for isochronous packets and optimization
    - LP: #761134
  * staging: hv: use sync_bitops when interacting with the hypervisor
    - LP: #761134
  * staging: hv: Fix GARP not sent after Quick Migration
    - LP: #761134
  * xfs: register the inode cache shrinker before quotachecks
    - LP: #761134
  * amd64_edac: Fix potential memleak
    - LP: #761134
  * watchdog: s3c2410_wdt.c: Convert release_resource to
    release_region/release_mem_region
    - LP: #761134
  * watchdog: Convert release_resource to release_region/release_mem_region
    - LP: #761134
  * irda: validate peer name and attribute lengths
    - LP: #761134
  * irda: prevent heap corruption on invalid nickname
    - LP: #761134
  * powerpc: Fix accounting of softirq time when idle
    - LP: #761134
  * nilfs2: fix data loss in mmap page write for hole blocks
    - LP: #761134
  * ASoC: Explicitly say registerless widgets have no register
    - LP: #761134
  * ASoC: imx: set watermarks for mx2-dma
    - LP: #761134
  * ASoC: imx: fix burstsize for DMA
    - LP: #761134
  * ASoC: Fix CODEC device name for Corgi
    - LP: #761134
  * ALSA: ens1371: fix Creative Ectiva support
    - LP: #761134
  * ALSA: hda - HDMI: Fix MCP7x audio infoframe checksums
    - LP: #761134
  * ALSA: HDA: Fix single internal mic on ALC275 (Sony Vaio VPCSB1C5E)
    - LP: #752792, #761134
  * net: fix ethtool->set_flags not intended -EINVAL return value
    - LP: #761134
  * drm/radeon/kms: add some new ontario pci ids
    - LP: #761134
  * drm/radeon/kms: add some sanity checks to obj info record parsingi (v2)
    - LP: #761134
  * inotify: fix double free/corruption of stuct user
    - LP: #761134
  * HID: hid-magicmouse: Increase evdev buffer size
    - LP: #761134
  * perf: Fix task_struct reference leak
    - LP: #761134
  * perf: Rebase max unprivileged mlock threshold on top of page size
    - LP: #761134
  * ROSE: prevent heap corruption with bad facilities
    - LP: #761134
  * Btrfs: Fix uninitialized root flags for subvolumes
    - LP: #761134
  * x86, mtrr, pat: Fix one cpu getting out of sync during resume
    - LP: #761134
  * Input: synaptics - fix crash in synaptics_module_init()
    - LP: #761134
  * ath9k: fix a chip wakeup related crash in ath9k_start
    - LP: #761134
  * mac80211: fix a crash in minstrel_ht in HT mode with no supported MCS
    rates
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Fix up SPI messages cs_change behavior
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Add delay after self test
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Fix addresses of GYRO and ACCEL
    calibration offset
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Make sure only enabled scan_elements are
    pushed into the ring
    - LP: #761134
  * UBIFS: do not read flash unnecessarily
    - LP: #761134
  * UBIFS: fix oops on error path in read_pnode
    - LP: #761134
  * UBIFS: fix debugging failure in dbg_check_space_info
    - LP: #761134
  * quota: Don't write quota info in dquot_commit()
    - LP: #761134
  * mm: avoid wrapping vm_pgoff in mremap()
    - LP: #761134
  * iwlwifi: accept EEPROM version 0x423 for iwl6000
    - LP: #761134
  * p54usb: IDs for two new devices
    - LP: #761134
  * rt2x00: Fix radio off hang issue for PCIE interface
    - LP: #662288, #761134
  * rt2x00: fix cancelling uninitialized work
    - LP: #761134
  * wl12xx: fix potential buffer overflow in testmode nvs push
    - LP: #761134
  * media/radio/wl1273: fix build errors
    - LP: #761134
  * b43: allocate receive buffers big enough for max frame len + offset
    - LP: #761134
  * Bluetooth: sco: fix information leak to userspace
    - LP: #761134
  * bridge: netfilter: fix information leak
    - LP: #761134
  * Bluetooth: bnep: fix buffer overflow
    - LP: #761134
  * Bluetooth: add support for Apple MacBook Pro 8,2
    - LP: #761134
  * Treat writes as new when holes span across page boundaries
    - LP: #761134
  * char/tpm: Fix unitialized usage of data buffer
    - LP: #761134
  * netfilter: ip_tables: fix infoleak to userspace
    - LP: #761134
  * netfilter: xtables: fix reentrancy
    - LP: #761134
  * netfilter: arp_tables: fix infoleak to userspace
    - LP: #761134
  * netfilter: ipt_CLUSTERIP: fix buffer overflow
    - LP: #761134
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace
    - LP: #761134
  * scsi_transport_iscsi: make priv_sess file writeable only by root
    - LP: #761134
  * mfd: ab8500: world-writable debugfs register-* files
    - LP: #761134
  * mfd: ab3500: world-writable debugfs register-* files
    - LP: #761134
  * mfd: ab3100: world-writable debugfs *_priv files
    - LP: #761134
  * drivers/rtc/rtc-ds1511.c: world-writable sysfs nvram file
    - LP: #761134
  * drivers/misc/ep93xx_pwm.c: world-writable sysfs files
    - LP: #761134
  * drivers/leds/leds-lp5523.c: world-writable engine* sysfs files
    - LP: #761134
  * drivers/leds/leds-lp5521.c: world-writable sysfs engine* files
    - LP: #761134
  * econet: 4 byte infoleak to the network
    - LP: #761134
  * netfilter: h323: bug in parsing of ASN1 SEQOF field
    - LP: #761134
  * sound/oss: remove offset from load_patch callbacks
    - LP: #761134
  * drivers/media/video/tlg2300/pd-video.c: Remove second mutex_unlock in
    pd_vidioc_s_fmt
    - LP: #761134
  * acer-wmi: does not set persistence state by rfkill_init_sw_state
    - LP: #761134
  * Squashfs: Use vmalloc rather than kmalloc for zlib workspace
    - LP: #761134
  * Squashfs: handle corruption of directory structure
    - LP: #761134
  * atm/solos-pci: Don't include frame pseudo-header on transmit hex-dump
    - LP: #761134
  * atm/solos-pci: Don't flap VCs when carrier state changes
    - LP: #761134
  * ext4: fix a double free in ext4_register_li_request
    - LP: #761134
  * ext4: fix credits computing for indirect mapped files
    - LP: #761134
  * nfsd: fix auth_domain reference leak on nlm operations
    - LP: #761134
  * nfsd4: fix oops on lock failure
    - LP: #761134
  * Linux 2.6.38.3
    - LP: #761134
  * vm: fix vm_pgoff wrap in stack expansion
    - LP: #769042
  * drm/radeon/kms: pll tweaks for rv6xx
    - LP: #769042
  * drm/radeon/kms: fix suspend on rv530 asics
    - LP: #769042
  * cifs: always do is_path_accessible check in cifs_mount
    - LP: #769042
  * cifs: check for private_data before trying to put it
    - LP: #769042
  * cifs: set ra_pages in backing_dev_info
    - LP: #769042
  * cifs: wrap received signature check in srv_mutex
    - LP: #769042
  * video: sn9c102: world-wirtable sysfs files
    - LP: #769042
  * UBIFS: restrict world-writable debugfs files
    - LP: #769042
  * ALSA: hda - Fix pin-config of Gigabyte mobo
    - LP: #769042
  * NET: cdc-phonet, handle empty phonet header
    - LP: #769042
  * x86: Fix a bogus unwind annotation in lib/semaphore_32.S
    - LP: #769042
  * tioca: Fix assignment from incompatible pointer warnings
    - LP: #769042
  * mca.c: Fix cast from integer to pointer warning
    - LP: #769042
  * vm: fix mlock() on stack guard page
    - LP: #769042
  * UBIFS: fix assertion warnings
    - LP: #769042
  * perf: Fix task context scheduling
    - LP: #769042
  * bridge: Fix possibly wrong MLD queries' ethernet source address
    - LP: #769042
  * fib: add rtnl locking in ip_fib_net_exit
    - LP: #769042
  * gianfar: Fall back to software tcp/udp checksum on older controllers
    - LP: #769042
  * l2tp: fix possible oops on l2tp_eth module unload
    - LP: #769042
  * net ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
    - LP: #769042
  * net_sched: fix ip_tos2prio
    - LP: #769042
  * pppoe: drop PPPOX_ZOMBIEs in pppoe_flush_dev
    - LP: #769042
  * sctp: Pass __GFP_NOWARN to hash table allocation attempts.
    - LP: #769042
  * tcp: avoid cwnd moderation in undo
    - LP: #769042
  * xfrm: Refcount destination entry on xfrm_lookup
    - LP: #769042
  * vlan: should take into account needed_headroom
    - LP: #769042
  * bridge: Reset IPCB when entering IP stack on NF_FORWARD
    - LP: #769042
  * sparc: Fix .size directive for do_int_load
    - LP: #769042
  * sparc32: Fix might-be-used-uninitialized warning in do_sparc_fault().
    - LP: #769042
  * sparc32: Pass task_struct to schedule_tail() in ret_from_fork
    - LP: #769042
  * sparc64: Fix build errors with gcc-4.6.0
    - LP: #769042
  * futex: Set FLAGS_HAS_TIMEOUT during futex_wait restart setup
    - LP: #769042
  * kstrto*: converting strings to integers done (hopefully) right
    - LP: #769042
  * mm/thp: use conventional format for boolean attributes
    - LP: #769042
  * ramfs: fix memleak on no-mmu arch
    - LP: #769042
  * oom-kill: remove boost_dying_task_prio()
    - LP: #769042
  * MAINTAINERS: update STABLE BRANCH info
    - LP: #769042
  * UBIFS: fix oops when R/O file-system is fsync'ed
    - LP: #769042
  * x86, AMD: Set ARAT feature on AMD processors
    - LP: #769042
  * x86, amd: Disable GartTlbWlkErr when BIOS forgets it
    - LP: #769042
  * vfs: Fix absolute RCU path walk failures due to uninitialized seq
    number
    - LP: #769042
  * ARM: 6864/1: hw_breakpoint: clear DBGVCR out of reset
    - LP: #769042
  * i2c-algo-bit: Call pre/post_xfer for bit_test
    - LP: #769042
  * RTC: add missing "return 0" in new alarm func for rtc-bfin.c
    - LP: #769042
  * sched: Fix erroneous all_pinned logic
    - LP: #769042
  * vmscan: all_unreclaimable() use zone->all_unreclaimable as a name
    - LP: #769042
  * brk: COMPAT_BRK: fix detection of randomized brk
    - LP: #769042
  * usb: musb: temporarily make it bool
    - LP: #769042
  * USB: ftdi_sio: Added IDs for CTI USB Serial Devices
    - LP: #769042
  * USB: ftdi_sio: add PID for OCT DK201 docking station
    - LP: #769042
  * USB: ftdi_sio: add ids for Hameg HO720 and HO730
    - LP: #769042
  * USB: option: Added support for Samsung GT-B3730/GT-B3710 LTE USB modem.
    - LP: #769042
  * next_pidmap: fix overflow condition
    - LP: #769042
  * proc: do proper range check on readdir offset
    - LP: #769042
  * powerpc: Fix oops if scan_dispatch_log is called too early
    - LP: #769042
  * powerpc/perf_event: Skip updating kernel counters if register value
    shrinks
    - LP: #769042
  * usb: Fix qcserial memory leak on rmmod
    - LP: #769042
  * usb: qcserial avoid pointing to freed memory
    - LP: #769042
  * usb: qcserial add missing errorpath kfrees
    - LP: #769042
  * USB: EHCI: unlink unused QHs when the controller is stopped
    - LP: #769042
  * USB: fix formatting of SuperSpeed endpoints in /proc/bus/usb/devices
    - LP: #769042
  * USB: xhci - fix unsafe macro definitions
    - LP: #769042
  * USB: xhci - fix math in xhci_get_endpoint_interval()
    - LP: #769042
  * USB: xhci - also free streams when resetting devices
    - LP: #769042
  * USB: Fix unplug of device with active streams
    - LP: #769042
  * radeon: Fix KMS CP writeback on big endian machines.
    - LP: #769042
  * Bluetooth: Fix HCI_RESET command synchronization
    - LP: #700292, #769042
  * perf tool: Fix gcc 4.6.0 issues
    - LP: #769042
  * bridge: reset IPCB in br_parse_ip_options
    - LP: #769042
  * ip: ip_options_compile() resilient to NULL skb route
    - LP: #769042
  * Linux 2.6.38.4
    - LP: #769042
  * (pre stable) ath9k_hw: partially revert "fix dma descriptor rx error
    bit parsing"
    - LP: #735171
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * (pre-stable) drm/i915: Sanitize the output registers after resume
    - LP: #745304
  * ARM: EXYNOS4: Register HSMMC2 before HSMMC0 on SMDKV310 board
  * ARM: vexpress: add basic DT platform matching support
  * ARM: vexpress: add basic dts DT source
  * OMAP: Fixed gpio polarity of gpio USB-phy reset.
  * arm/dt: Fix broken dtbs rule.
  * arm/dt: vexpress: Update basic DT to use skeleton.dtsi file.

[ u2 of for-ubuntu ]

* arm/dt: vexpress: Update basic DT to use skeleton.dtsi file.
  * arm/dt: Fix broken dtbs rule.
  * OMAP: Fixed gpio polarity of gpio USB-phy reset.
  * ARM: vexpress: add basic dts DT source
  * ARM: vexpress: add basic DT platform matching support
  * ARM: EXYNOS4: Register HSMMC2 before HSMMC0 on SMDKV310 board

[ Ubuntu: 2.6.38-9.43 ]

* Release Tracking Bug
    - LP: #772096
  * SAUCE: Revert "x86, hibernate: Initialize mmu_cr4_features during boot"
    - LP: #764758
  * [Config] updateconfigs for 2.6.38.4
  * [Config] s/USB_MUSB_TUSB6010/USB_MUSB_OMAP2PLUS/ on omap3 to get musb
    - LP: #759913
  * SAUCE: kvm: fix push of wrong eip when doing softint
    - LP: #747090
  * [Config] Add cachefiles.ko to virtual flavour
    - LP: #770430
  * Revert "net/sunrpc: Use static const char arrays"
    - LP: #761134
  * Revert "x86: Cleanup highmap after brk is concluded"
    - LP: #761134
  * ALSA: hda - Fix SPDIF out regression on ALC889
    - LP: #761134
  * ALSA: Fix yet another race in disconnection
    - LP: #761134
  * ALSA: vmalloc buffers should use normal mmap
    - LP: #761134
  * perf: Better fit max unprivileged mlock pages for tools needs
    - LP: #761134
  * myri10ge: fix rmmod crash
    - LP: #761134
  * cciss: fix lost command issue
    - LP: #761134
  * ath9k: Fix kernel panic in AR2427
    - LP: #761134
  * sound/oss/opl3: validate voice and channel indexes
    - LP: #761134
  * mac80211: initialize sta->last_rx in sta_info_alloc
    - LP: #761134
  * ses: show devices for enclosures with no page 7
    - LP: #761134
  * ses: Avoid kernel panic when lun 0 is not mapped
    - LP: #761134
  * PCI/ACPI: Report ASPM support to BIOS if not disabled from command line
    - LP: #761134
  * eCryptfs: Unlock page in write_begin error path
    - LP: #761134
  * eCryptfs: ecryptfs_keyring_auth_tok_for_sig() bug fix
    - LP: #761134
  * crypto: aesni-intel - fixed problem with packets that are not multiple
    of 64bytes
    - LP: #761134
  * staging: usbip: bugfixes related to kthread conversion
    - LP: #761134
  * staging: usbip: bugfix add number of packets for isochronous frames
    - LP: #761134
  * staging: usbip: bugfix for isochronous packets and optimization
    - LP: #761134
  * staging: hv: use sync_bitops when interacting with the hypervisor
    - LP: #761134
  * staging: hv: Fix GARP not sent after Quick Migration
    - LP: #761134
  * xfs: register the inode cache shrinker before quotachecks
    - LP: #761134
  * amd64_edac: Fix potential memleak
    - LP: #761134
  * watchdog: s3c2410_wdt.c: Convert release_resource to
    release_region/release_mem_region
    - LP: #761134
  * watchdog: Convert release_resource to release_region/release_mem_region
    - LP: #761134
  * irda: validate peer name and attribute lengths
    - LP: #761134
  * irda: prevent heap corruption on invalid nickname
    - LP: #761134
  * powerpc: Fix accounting of softirq time when idle
    - LP: #761134
  * nilfs2: fix data loss in mmap page write for hole blocks
    - LP: #761134
  * ASoC: Explicitly say registerless widgets have no register
    - LP: #761134
  * ASoC: imx: set watermarks for mx2-dma
    - LP: #761134
  * ASoC: imx: fix burstsize for DMA
    - LP: #761134
  * ASoC: Fix CODEC device name for Corgi
    - LP: #761134
  * ALSA: ens1371: fix Creative Ectiva support
    - LP: #761134
  * ALSA: hda - HDMI: Fix MCP7x audio infoframe checksums
    - LP: #761134
  * ALSA: HDA: Fix single internal mic on ALC275 (Sony Vaio VPCSB1C5E)
    - LP: #752792, #761134
  * net: fix ethtool->set_flags not intended -EINVAL return value
    - LP: #761134
  * drm/radeon/kms: add some new ontario pci ids
    - LP: #761134
  * drm/radeon/kms: add some sanity checks to obj info record parsingi (v2)
    - LP: #761134
  * inotify: fix double free/corruption of stuct user
    - LP: #761134
  * HID: hid-magicmouse: Increase evdev buffer size
    - LP: #761134
  * perf: Fix task_struct reference leak
    - LP: #761134
  * perf: Rebase max unprivileged mlock threshold on top of page size
    - LP: #761134
  * ROSE: prevent heap corruption with bad facilities
    - LP: #761134
  * Btrfs: Fix uninitialized root flags for subvolumes
    - LP: #761134
  * x86, mtrr, pat: Fix one cpu getting out of sync during resume
    - LP: #761134
  * Input: synaptics - fix crash in synaptics_module_init()
    - LP: #761134
  * ath9k: fix a chip wakeup related crash in ath9k_start
    - LP: #761134
  * mac80211: fix a crash in minstrel_ht in HT mode with no supported MCS
    rates
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Fix up SPI messages cs_change behavior
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Add delay after self test
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Fix addresses of GYRO and ACCEL
    calibration offset
    - LP: #761134
  * staging: IIO: IMU: ADIS16400: Make sure only enabled scan_elements are
    pushed into the ring
    - LP: #761134
  * UBIFS: do not read flash unnecessarily
    - LP: #761134
  * UBIFS: fix oops on error path in read_pnode
    - LP: #761134
  * UBIFS: fix debugging failure in dbg_check_space_info
    - LP: #761134
  * quota: Don't write quota info in dquot_commit()
    - LP: #761134
  * mm: avoid wrapping vm_pgoff in mremap()
    - LP: #761134
  * iwlwifi: accept EEPROM version 0x423 for iwl6000
    - LP: #761134
  * p54usb: IDs for two new devices
    - LP: #761134
  * rt2x00: Fix radio off hang issue for PCIE interface
    - LP: #662288, #761134
  * rt2x00: fix cancelling uninitialized work
    - LP: #761134
  * wl12xx: fix potential buffer overflow in testmode nvs push
    - LP: #761134
  * media/radio/wl1273: fix build errors
    - LP: #761134
  * b43: allocate receive buffers big enough for max frame len + offset
    - LP: #761134
  * Bluetooth: sco: fix information leak to userspace
    - LP: #761134
  * bridge: netfilter: fix information leak
    - LP: #761134
  * Bluetooth: bnep: fix buffer overflow
    - LP: #761134
  * Bluetooth: add support for Apple MacBook Pro 8,2
    - LP: #761134
  * Treat writes as new when holes span across page boundaries
    - LP: #761134
  * char/tpm: Fix unitialized usage of data buffer
    - LP: #761134
  * netfilter: ip_tables: fix infoleak to userspace
    - LP: #761134
  * netfilter: xtables: fix reentrancy
    - LP: #761134
  * netfilter: arp_tables: fix infoleak to userspace
    - LP: #761134
  * netfilter: ipt_CLUSTERIP: fix buffer overflow
    - LP: #761134
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace
    - LP: #761134
  * scsi_transport_iscsi: make priv_sess file writeable only by root
    - LP: #761134
  * mfd: ab8500: world-writable debugfs register-* files
    - LP: #761134
  * mfd: ab3500: world-writable debugfs register-* files
    - LP: #761134
  * mfd: ab3100: world-writable debugfs *_priv files
    - LP: #761134
  * drivers/rtc/rtc-ds1511.c: world-writable sysfs nvram file
    - LP: #761134
  * drivers/misc/ep93xx_pwm.c: world-writable sysfs files
    - LP: #761134
  * drivers/leds/leds-lp5523.c: world-writable engine* sysfs files
    - LP: #761134
  * drivers/leds/leds-lp5521.c: world-writable sysfs engine* files
    - LP: #761134
  * econet: 4 byte infoleak to the network
    - LP: #761134
  * netfilter: h323: bug in parsing of ASN1 SEQOF field
    - LP: #761134
  * sound/oss: remove offset from load_patch callbacks
    - LP: #761134
  * drivers/media/video/tlg2300/pd-video.c: Remove second mutex_unlock in
    pd_vidioc_s_fmt
    - LP: #761134
  * acer-wmi: does not set persistence state by rfkill_init_sw_state
    - LP: #761134
  * Squashfs: Use vmalloc rather than kmalloc for zlib workspace
    - LP: #761134
  * Squashfs: handle corruption of directory structure
    - LP: #761134
  * atm/solos-pci: Don't include frame pseudo-header on transmit hex-dump
    - LP: #761134
  * atm/solos-pci: Don't flap VCs when carrier state changes
    - LP: #761134
  * ext4: fix a double free in ext4_register_li_request
    - LP: #761134
  * ext4: fix credits computing for indirect mapped files
    - LP: #761134
  * nfsd: fix auth_domain reference leak on nlm operations
    - LP: #761134
  * nfsd4: fix oops on lock failure
    - LP: #761134
  * Linux 2.6.38.3
    - LP: #761134
  * vm: fix vm_pgoff wrap in stack expansion
    - LP: #769042
  * drm/radeon/kms: pll tweaks for rv6xx
    - LP: #769042
  * drm/radeon/kms: fix suspend on rv530 asics
    - LP: #769042
  * cifs: always do is_path_accessible check in cifs_mount
    - LP: #769042
  * cifs: check for private_data before trying to put it
    - LP: #769042
  * cifs: set ra_pages in backing_dev_info
    - LP: #769042
  * cifs: wrap received signature check in srv_mutex
    - LP: #769042
  * video: sn9c102: world-wirtable sysfs files
    - LP: #769042
  * UBIFS: restrict world-writable debugfs files
    - LP: #769042
  * ALSA: hda - Fix pin-config of Gigabyte mobo
    - LP: #769042
  * NET: cdc-phonet, handle empty phonet header
    - LP: #769042
  * x86: Fix a bogus unwind annotation in lib/semaphore_32.S
    - LP: #769042
  * tioca: Fix assignment from incompatible pointer warnings
    - LP: #769042
  * mca.c: Fix cast from integer to pointer warning
    - LP: #769042
  * vm: fix mlock() on stack guard page
    - LP: #769042
  * UBIFS: fix assertion warnings
    - LP: #769042
  * perf: Fix task context scheduling
    - LP: #769042
  * bridge: Fix possibly wrong MLD queries' ethernet source address
    - LP: #769042
  * fib: add rtnl locking in ip_fib_net_exit
    - LP: #769042
  * gianfar: Fall back to software tcp/udp checksum on older controllers
    - LP: #769042
  * l2tp: fix possible oops on l2tp_eth module unload
    - LP: #769042
  * net ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
    - LP: #769042
  * net_sched: fix ip_tos2prio
    - LP: #769042
  * pppoe: drop PPPOX_ZOMBIEs in pppoe_flush_dev
    - LP: #769042
  * sctp: Pass __GFP_NOWARN to hash table allocation attempts.
    - LP: #769042
  * tcp: avoid cwnd moderation in undo
    - LP: #769042
  * xfrm: Refcount destination entry on xfrm_lookup
    - LP: #769042
  * vlan: should take into account needed_headroom
    - LP: #769042
  * bridge: Reset IPCB when entering IP stack on NF_FORWARD
    - LP: #769042
  * sparc: Fix .size directive for do_int_load
    - LP: #769042
  * sparc32: Fix might-be-used-uninitialized warning in do_sparc_fault().
    - LP: #769042
  * sparc32: Pass task_struct to schedule_tail() in ret_from_fork
    - LP: #769042
  * sparc64: Fix build errors with gcc-4.6.0
    - LP: #769042
  * futex: Set FLAGS_HAS_TIMEOUT during futex_wait restart setup
    - LP: #769042
  * kstrto*: converting strings to integers done (hopefully) right
    - LP: #769042
  * mm/thp: use conventional format for boolean attributes
    - LP: #769042
  * ramfs: fix memleak on no-mmu arch
    - LP: #769042
  * oom-kill: remove boost_dying_task_prio()
    - LP: #769042
  * MAINTAINERS: update STABLE BRANCH info
    - LP: #769042
  * UBIFS: fix oops when R/O file-system is fsync'ed
    - LP: #769042
  * x86, AMD: Set ARAT feature on AMD processors
    - LP: #769042
  * x86, amd: Disable GartTlbWlkErr when BIOS forgets it
    - LP: #769042
  * vfs: Fix absolute RCU path walk failures due to uninitialized seq
    number
    - LP: #769042
  * ARM: 6864/1: hw_breakpoint: clear DBGVCR out of reset
    - LP: #769042
  * i2c-algo-bit: Call pre/post_xfer for bit_test
    - LP: #769042
  * RTC: add missing "return 0" in new alarm func for rtc-bfin.c
    - LP: #769042
  * sched: Fix erroneous all_pinned logic
    - LP: #769042
  * vmscan: all_unreclaimable() use zone->all_unreclaimable as a name
    - LP: #769042
  * brk: COMPAT_BRK: fix detection of randomized brk
    - LP: #769042
  * usb: musb: temporarily make it bool
    - LP: #769042
  * USB: ftdi_sio: Added IDs for CTI USB Serial Devices
    - LP: #769042
  * USB: ftdi_sio: add PID for OCT DK201 docking station
    - LP: #769042
  * USB: ftdi_sio: add ids for Hameg HO720 and HO730
    - LP: #769042
  * USB: option: Added support for Samsung GT-B3730/GT-B3710 LTE USB modem.
    - LP: #769042
  * next_pidmap: fix overflow condition
    - LP: #769042
  * proc: do proper range check on readdir offset
    - LP: #769042
  * powerpc: Fix oops if scan_dispatch_log is called too early
    - LP: #769042
  * powerpc/perf_event: Skip updating kernel counters if register value
    shrinks
    - LP: #769042
  * usb: Fix qcserial memory leak on rmmod
    - LP: #769042
  * usb: qcserial avoid pointing to freed memory
    - LP: #769042
  * usb: qcserial add missing errorpath kfrees
    - LP: #769042
  * USB: EHCI: unlink unused QHs when the controller is stopped
    - LP: #769042
  * USB: fix formatting of SuperSpeed endpoints in /proc/bus/usb/devices
    - LP: #769042
  * USB: xhci - fix unsafe macro definitions
    - LP: #769042
  * USB: xhci - fix math in xhci_get_endpoint_interval()
    - LP: #769042
  * USB: xhci - also free streams when resetting devices
    - LP: #769042
  * USB: Fix unplug of device with active streams
    - LP: #769042
  * radeon: Fix KMS CP writeback on big endian machines.
    - LP: #769042
  * Bluetooth: Fix HCI_RESET command synchronization
    - LP: #700292, #769042
  * perf tool: Fix gcc 4.6.0 issues
    - LP: #769042
  * bridge: reset IPCB in br_parse_ip_options
    - LP: #769042
  * ip: ip_options_compile() resilient to NULL skb route
    - LP: #769042
  * Linux 2.6.38.4
    - LP: #769042
  * (pre stable) ath9k_hw: partially revert "fix dma descriptor rx error
    bit parsing"
    - LP: #735171
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * (pre-stable) drm/i915: Sanitize the output registers after resume
    - LP: #745304

linux-ti-omap4 (2.6.38-1208.12) natty; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
    - LP: #770368

[ Bryan Wu ]

* merge Ubuntu-2.6.38-8.41
  * merge Ubuntu-2.6.38-8.42
  * merge u1 of 'for-ubuntu' branch
  * [Config] sync up configs

[ David Henningsson ]

* SAUCE: (drop after 2.6.38) ALSA: HDA: Fix dock mic for Lenovo
    X220-tablet
    - LP: #751033

[ Gustavo F. Padovan ]

* SAUCE: Revert "Bluetooth: Add new PID for Atheros 3011"
    - LP: #720949

[ Herton Ronaldo Krzesinski ]

* SAUCE: (drop after 2.6.39) v4l: make sure drivers supply a zeroed
    struct v4l2_subdev
    - LP: #745213

[ John Johansen ]

* AppArmor: Fix masking of capabilities in complain mode
    - LP: #748656

[ Kees Cook ]

* SAUCE: nx-emu: further clarify dmesg reporting
    - LP: #745181

[ Leann Ogasawara ]

* Ubuntu-2.6.38-8.40
  * Ubuntu-2.6.38-8.41
  * [Config] Disable CONFIG_RTS_PSTOR for armel, powerpc
  * Ubuntu-2.6.38-8.42

[ Luke Yelavich ]

* [Config] Disable CONFIG_CRASH_DUMP on 32-bit powerpc kernels
    - LP: #745358
  * [Config] Disable CONFIG_DRM_RADEON_KMS on powerpc kernels
  * [Config] Build some framebuffer drivers as modules for powerpc kernels.

[ Manoj Iyer ]

* SAUCE: thinkpad-acpi: module autoloading for newer Lenovo ThinkPads.
    - LP: #745217
  * SAUCE: (drop after 2.6.38) add support for Lenovo tablet ID (0xE6)
    - LP: #746652

[ Seth Forshee ]

* SAUCE: (drop after 2.6.38) eeepc-wmi: Add support for T101MT
    Home/Express Gate key

[ Steve Langasek ]

* [Config] Make linux-libc-dev coinstallable under multiarch
    - LP: #750585

[ Tim Gardner ]

* SAUCE: Increase the default hard limit for open FDs to 4096
    - LP: #663090
  * [Config] CONFIG_RTS_PSTOR=m
    - LP: #698006

[ Upstream Kernel Changes ]

* Revert "tcp: disallow bind() to reuse addr/port"
    - LP: #731878
  * ALSA: pcm: fix infinite loop in snd_pcm_update_hw_ptr0()
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
  * ALSA: HDA: Add dock mic quirk for Lenovo Thinkpad X220
    - LP: #746259
  * ALSA: HDA: New AD1984A model for Dell Precision R5500
    - LP: #741516
  * Input: sparse-keymap - report scancodes with key events
  * Input: sparse-keymap - report KEY_UNKNOWN for unknown scan codes
  * KVM: SVM: Load %gs earlier if CONFIG_X86_32_LAZY_GS=n
    - LP: #729085
  * watchdog: sp5100_tco.c: Check if firmware has set correct value in
    tcobase.
    - LP: #740011
  * staging: add rts_pstor for Realtek PCIE cardreader
    - LP: #698006
  * staging: fix rts_pstor build errors
    - LP: #698006
  * Staging: rts_pstor: fixed some brace code styling issues
    - LP: #698006
  * staging: rts_pstor: potential NULL dereference
    - LP: #698006
  * Staging: rts_pstor: fix read past end of buffer
    - LP: #698006
  * staging: rts_pstor: delete a function
    - LP: #698006
  * staging: rts_pstor: fix sparse warning
    - LP: #698006
  * staging: rts_pstor: fix a bug that a greenhouse sd card can't be
    recognized
    - LP: #698006
  * staging: rts_pstor: optimize kmalloc to kzalloc
    - LP: #698006
  * staging: rts_pstor: MSXC card power class
    - LP: #698006
  * staging: rts_pstor: modify initial card clock
    - LP: #698006
  * staging: rts_pstor: set lun_mode in a different place
    - LP: #698006
  * x86, hibernate: Initialize mmu_cr4_features during boot
    - LP: #752870
  * ARM: EXYNOS4: CPUIDLE Support
  * ARM: EXYNOS4: Fix incorrect mapping of gpio pull-up macro to register
    setting
  * ARM: EXYNOS4: Fix card insert/removal event detection on smdkv310 board
  * ARM: 6864/1: hw_breakpoint: clear DBGVCR out of reset
  * ARM: 6865/1: perf: ensure pass through zero is counted on overflow
  * ARM: 6866/1: Do not restrict HIGHPTE to !OUTER_CACHE
  * ARM: 6867/1: Introduce THREAD_NOTIFY_COPY for copy_thread() hooks
  * ARM: 6868/1: Preserve the VFP state during fork
  * ARM: EXYNOS4: CPUIDLE Support
  * config slim down reference defconfig
  * MAKEFILE correct using shawn dtb method
  * omap2 sdp4430 protect hdmi with hdmi sound config
  * Subject: [PATCH 3/3] usb: musb: Moving the Vbus enable function call
    from to workqueue.
  * omap2 4430sdp board file rearrange
  * alsa soc implement abe constraint test
  * omap2 panda neutral reodering of structs
  * omap2 hwmod 44xx neutral reordering
  * alsa panda hdmi audio ensure cpu dai gets built
  * omap2 hwmod 2420 mmc devattr name fix
  * enable build omap3 boards

[ u1 of for-ubuntu ]

* ARM: EXYNOS4: CPUIDLE Support
  * ARM: EXYNOS4: Fix incorrect mapping of gpio pull-up macro to register
    setting
  * ARM: EXYNOS4: Fix card insert/removal event detection on smdkv310 board
  * ARM: 6864/1: hw_breakpoint: clear DBGVCR out of reset
  * ARM: 6865/1: perf: ensure pass through zero is counted on overflow
  * ARM: 6866/1: Do not restrict HIGHPTE to !OUTER_CACHE
  * ARM: 6867/1: Introduce THREAD_NOTIFY_COPY for copy_thread() hooks
  * ARM: 6868/1: Preserve the VFP state during fork
  * ARM: EXYNOS4: CPUIDLE Support
  * config slim down reference defconfig
  * MAKEFILE correct using shawn dtb method
  * omap2 sdp4430 protect hdmi with hdmi sound config
  * Subject: [PATCH 3/3] usb: musb: Moving the Vbus enable function call
    from to workqueue.
  * omap2 4430sdp board file rearrange
  * alsa soc implement abe constraint test
  * omap2 panda neutral reodering of structs
  * omap2 hwmod 44xx neutral reordering
  * alsa panda hdmi audio ensure cpu dai gets built
  * omap2 hwmod 2420 mmc devattr name fix
  * enable build omap3 boards

[ Ubuntu: 2.6.38-8.42 ]

* SAUCE: (drop after 2.6.38) ALSA: HDA: Fix dock mic for Lenovo
    X220-tablet
    - LP: #751033
  * SAUCE: Revert "Bluetooth: Add new PID for Atheros 3011"
    - LP: #720949
  * SAUCE: (drop after 2.6.39) v4l: make sure drivers supply a zeroed
    struct v4l2_subdev
    - LP: #745213
  * AppArmor: Fix masking of capabilities in complain mode
    - LP: #748656
  * [Config] Disable CONFIG_RTS_PSTOR for armel, powerpc
  * SAUCE: (drop after 2.6.38) add support for Lenovo tablet ID (0xE6)
    - LP: #746652
  * [Config] Make linux-libc-dev coinstallable under multiarch
    - LP: #750585
  * [Config] CONFIG_RTS_PSTOR=m
    - LP: #698006
  * Revert "tcp: disallow bind() to reuse addr/port"
    - LP: #731878
  * ALSA: HDA: Add dock mic quirk for Lenovo Thinkpad X220
    - LP: #746259
  * ALSA: HDA: New AD1984A model for Dell Precision R5500
    - LP: #741516
  * Input: sparse-keymap - report scancodes with key events
  * Input: sparse-keymap - report KEY_UNKNOWN for unknown scan codes
  * KVM: SVM: Load %gs earlier if CONFIG_X86_32_LAZY_GS=n
    - LP: #729085
  * watchdog: sp5100_tco.c: Check if firmware has set correct value in
    tcobase.
    - LP: #740011
  * staging: add rts_pstor for Realtek PCIE cardreader
    - LP: #698006
  * staging: fix rts_pstor build errors
    - LP: #698006
  * Staging: rts_pstor: fixed some brace code styling issues
    - LP: #698006
  * staging: rts_pstor: potential NULL dereference
    - LP: #698006
  * Staging: rts_pstor: fix read past end of buffer
    - LP: #698006
  * staging: rts_pstor: delete a function
    - LP: #698006
  * staging: rts_pstor: fix sparse warning
    - LP: #698006
  * staging: rts_pstor: fix a bug that a greenhouse sd card can't be
    recognized
    - LP: #698006
  * staging: rts_pstor: optimize kmalloc to kzalloc
    - LP: #698006
  * staging: rts_pstor: MSXC card power class
    - LP: #698006
  * staging: rts_pstor: modify initial card clock
    - LP: #698006
  * staging: rts_pstor: set lun_mode in a different place
    - LP: #698006
  * x86, hibernate: Initialize mmu_cr4_features during boot
    - LP: #752870

[ Ubuntu: 2.6.38-8.41 ]

* [Config] Disable CONFIG_CRASH_DUMP on 32-bit powerpc kernels
    - LP: #745358
  * [Config] Disable CONFIG_DRM_RADEON_KMS on powerpc kernels
  * [Config] Build some framebuffer drivers as modules for powerpc kernels.
  * SAUCE: (drop after 2.6.38) eeepc-wmi: Add support for T101MT
    Home/Express Gate key
  * SAUCE: Increase the default hard limit for open FDs to 4096
    - LP: #663090
  * ALSA: pcm: fix infinite loop in snd_pcm_update_hw_ptr0()
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
 -- Paolo Pisati <paolo.pisati@canonical.com>   Wed, 31 Aug 2011 18:34:36 +0200

Changed in linux-ti-omap4 (Ubuntu Natty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-21:

#9

This bug was fixed in the package linux - 2.6.38-11.50

---------------
linux (2.6.38-11.50) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #848246

[ Upstream Kernel Changes ]

  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of order-1 skb
    allocations"

linux (2.6.38-11.49) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #836903

[ Adam Jackson ]

* SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
- LP: #753994

[ Keng-Yu Lin ]

* SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
- LP: #632884, #803005

[ Stefan Bader ]

* [Config] Force perf to use libiberty for demangling
- LP: #783660

[ Tim Gardner ]

* [Config] Add enic/fnic to udebs
- LP: #801610

[ Upstream Kernel Changes ]

  * eeepc-wmi: add keys found on EeePC 1215T
    - LP: #812644
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * vmscan: fix a livelock in kswapd
    - LP: #813797
  * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
    - LP: #773524
  * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
    - LP: #773524
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * pata_marvell: Add support for 88SE91A0, 88SE91A4
    - LP: #777325
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * ath9k: use split rx buffers to get rid of order-1 skb allocations
    - LP: #728835
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
-- Herton Ronaldo Krzesinski <email address hidden> Mon, 12 Sep 2011 17:23:38 -0300

This bug was fixed in the package linux - 2.6.38-11.50

---------------
linux (2.6.38-11.50) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #848246

[ Upstream Kernel Changes ]

* Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of order-1 skb
    allocations"

linux (2.6.38-11.49) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #836903

[ Adam Jackson ]

* SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
    - LP: #753994

[ Keng-Yu Lin ]

* SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
    - LP: #632884, #803005

[ Stefan Bader ]

* [Config] Force perf to use libiberty for demangling
    - LP: #783660

[ Tim Gardner ]

* [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

* eeepc-wmi: add keys found on EeePC 1215T
    - LP: #812644
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * vmscan: fix a livelock in kswapd
    - LP: #813797
  * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
    - LP: #773524
  * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
    - LP: #773524
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * pata_marvell: Add support for 88SE91A0, 88SE91A4
    - LP: #777325
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * ath9k: use split rx buffers to get rid of order-1 skb allocations
    - LP: #728835
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>   Mon, 12 Sep 2011 17:23:38 -0300

Changed in linux (Ubuntu Natty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-26:

#10

Download full text (16.4 KiB)

This bug was fixed in the package linux-ec2 - 2.6.32-318.38

---------------
linux-ec2 (2.6.32-318.38) lucid-proposed; urgency=low

[ Stefan Bader ]

  * Rebased to 2.6.32-34.76
  * Release Tracking Bug
    - LP: #837804

[ Ubuntu: 2.6.32-34.76 ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

[ Ubuntu: 2.6.32-34.75 ]

* drm/i915: Remove BUG_ON from i915_gem_evict_something
- LP: #828550

linux-ec2 (2.6.32-318.37) lucid-proposed; urgency=low

[ Stefan Bader ]

  * Release Tracking Bug
    - LP: #829162
  * XEN: exec: delay address limit change until point of no return
    - LP: #802383
  * Rebased to 2.6.32-34.74

[ Ubuntu: 2.6.32-34.74 ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

[ Ubuntu: 2.6.32-34.73 ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #802383
  * loop: limit 'max_part' module param to D...

This bug was fixed in the package linux-ec2 - 2.6.32-318.38

---------------
linux-ec2 (2.6.32-318.38) lucid-proposed; urgency=low

[ Stefan Bader ]

* Rebased to 2.6.32-34.76
  * Release Tracking Bug
    - LP: #837804

[ Ubuntu: 2.6.32-34.76 ]

* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

[ Ubuntu: 2.6.32-34.75 ]

* drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux-ec2 (2.6.32-318.37) lucid-proposed; urgency=low

[ Stefan Bader ]

* Release Tracking Bug
    - LP: #829162
  * XEN: exec: delay address limit change until point of no return
    - LP: #802383
  * Rebased to 2.6.32-34.74

[ Ubuntu: 2.6.32-34.74 ]

* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

[ Ubuntu: 2.6.32-34.73 ]

* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #802383
  * loop: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #802383
  * loop: handle on-demand devices correctly
    - LP: #802383
  * USB: CP210x Add 4 Device IDs for AC-Services Devices
    - LP: #802383
  * USB: moto_modem: Add USB identifier for the Motorola VE240.
    - LP: #802383
  * USB: serial: ftdi_sio: adding support for TavIR STK500
    - LP: #802383
  * USB: gamin_gps: Fix for data transfer problems in native mode
    - LP: #802383
  * usb/gadget: at91sam9g20 fix end point max packet size
    - LP: #802383
  * usb: gadget: rndis: don't test against req->length
    - LP: #802383
  * OHCI: fix regression caused by nVidia shutdown workaround
    - LP: #802383
  * p54usb: add zoom 4410 usbid
    - LP: #802383
  * eCryptfs: Allow 2 scatterlist entries for encrypted filenames
    - LP: #802383
  * UBIFS: fix a rare memory leak in ro to rw remounting path
    - LP: #802383
  * i8k: Avoid lahf in 64-bit code
    - LP: #802383
  * cpuidle: menu: fixed wrapping timers at 4.294 seconds
    - LP: #802383
  * dm table: reject devices without request fns
    - LP: #802383
  * atm: expose ATM device index in sysfs
    - LP: #802383
  * brd: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #802383
  * brd: handle on-demand devices correctly
    - LP: #802383
  * SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change
    callback...
    - LP: #802383
  * PCI: Add quirk for setting valid class for TI816X Endpoint
    - LP: #802383
  * xen mmu: fix a race window causing leave_mm BUG()
    - LP: #802383
  * netfilter: nf_conntrack_reasm: properly handle packets fragmented into
    a single fragment
    - LP: #802383
  * fix memory leak in scsi_report_lun_scan
    - LP: #802383
  * fix refcounting bug in scsi_get_host_dev
    - LP: #802383
  * fix duplicate removal on error path in scsi_sysfs_add_sdev
    - LP: #802383
  * UBIFS: fix shrinker object count reports
    - LP: #802383
  * UBIFS: fix memory leak on error path
    - LP: #802383
  * nbd: limit module parameters to a sane value
    - LP: #802383
  * mm: fix ENOSPC returned by handle_mm_fault()
    - LP: #802383
  * PCI: Set PCIE maxpayload for card during hotplug insertion
    - LP: #802383
  * nl80211: fix check for valid SSID size in scan operations
    - LP: #802383
  * lockdep: Fix lock_is_held() on recursion
    - LP: #802383
  * drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007
    - LP: #802383
  * drm/radeon/kms: fix for radeon on systems >4GB without hardware iommu
    - LP: #802383
  * fat: Fix corrupt inode flags when remove ATTR_SYS flag
    - LP: #802383
  * xen: off by one errors in multicalls.c
    - LP: #802383
  * x86/amd-iommu: Fix 3 possible endless loops
    - LP: #802383
  * USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7
    - LP: #802383
  * USB: core: Tolerate protocol stall during hub and port status read
    - LP: #802383
  * USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver
    - LP: #802383
  * ALSA: hda: Fix quirk for Dell Inspiron 910
    - LP: #792712, #802383
  * oprofile, dcookies: Fix possible circular locking dependency
    - LP: #802383
  * CPUFREQ: Remove cpufreq_stats sysfs entries on module unload.
    - LP: #802383
  * md: check ->hot_remove_disk when removing disk
    - LP: #802383
  * md/raid5: fix raid5_set_bi_hw_segments
    - LP: #802383
  * md/raid5: fix FUA request handling in ops_run_io()
    - LP: #802383
  * ata: use pci_dev->revision
    - LP: #802383
  * pata_cmd64x: fix PIO setup
    - LP: #802383
  * pata_cmd64x: cmd648_bmdma_stop() fix
    - LP: #802383
  * pata_cmd64x: remove unused definitions
    - LP: #802383
  * pata_cm64x: fix boot crash on parisc
    - LP: #802383
  * ACPI: use _HID when supplied by root-level devices
    - LP: #802383
  * xfs: properly account for reclaimed inodes
    - LP: #802383
  * exec: delay address limit change until point of no return
    - LP: #802383
  * netfilter: IPv6: initialize TOS field in REJECT target module
    - LP: #802383
  * netfilter: IPv6: fix DSCP mangle code
    - LP: #802383
  * genirq: Add IRQF_FORCE_RESUME
    - LP: #802383
  * xen: Use IRQF_FORCE_RESUME
    - LP: #802383
  * time: Compensate for rounding on odd-frequency clocksources
    - LP: #802383
  * Linux 2.6.32.42
    - LP: #802383
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * drm_mm: extract check_free_mm_node
    - LP: #599017, #807508
  * drm: implement helper functions for scanning lru list
    - LP: #599017, #807508
  * drm/i915: prepare for fair lru eviction
    - LP: #599017, #807508
  * drm/i915: Move the eviction logic to its own file.
    - LP: #599017, #807508
  * drm/i915: Implement fair lru eviction across both rings. (v2)
    - LP: #599017, #807508
  * drm/i915: Maintain LRU order of inactive objects upon access by CPU
    (v2)
    - LP: #599017, #807508
  * drm/i915/evict: Ensure we completely cleanup on failure
    - LP: #599017, #807508
  * drm/i915: Periodically flush the active lists and requests
    - LP: #599017, #807508
  * Linux 2.6.32.42+drm33.19
    - LP: #807508
  * net: add limit for socket backlog CVE-2010-4251
    - LP: #807462
  * tcp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * ipv6: udp: Optimise multicast reception
    - LP: #807462
  * ipv4: udp: Optimise multicast reception
    - LP: #807462
  * udp: multicast RX should increment SNMP/sk_drops counter in allocation
    failures CVE-2010-4251
    - LP: #807462
  * udp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * llc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * sctp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * tipc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * x25: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * net: backlog functions rename CVE-2010-4251
    - LP: #807462
  * net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805
    - LP: #809318
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item()
    - LP: #810425
  * migrate: don't account swapcache as shmem
    - LP: #810425
  * clocksource: Make watchdog robust vs. interruption
    - LP: #810425
  * TTY: ldisc, do not close until there are readers
    - LP: #810425
  * xhci: Reject double add of active endpoints.
    - LP: #810425
  * PM: Free memory bitmaps if opening /dev/snapshot fails
    - LP: #810425
  * ath5k: fix memory leak when fewer than N_PD_CURVES are in use
    - LP: #810425
  * mm: fix negative commitlimit when gigantic hugepages are allocated
    - LP: #810425
  * uvcvideo: Remove buffers from the queues when freeing
    - LP: #810425
  * watchdog: mtx1-wdt: request gpio before using it
    - LP: #810425
  * debugobjects: Fix boot crash when kmemleak and debugobjects enabled
    - LP: #810425
  * cfq-iosched: fix locking around ioc->ioc_data assignment
    - LP: #810425
  * cfq-iosched: fix a rcu warning
    - LP: #810425
  * i2c-taos-evm: Fix log messages
    - LP: #810425
  * md: avoid endless recovery loop when waiting for fail device to
    complete.
    - LP: #810425
  * SUNRPC: Ensure the RPC client only quits on fatal signals
    - LP: #810425
  * 6pack,mkiss: fix lock inconsistency
    - LP: #810425
  * USB: don't let errors prevent system sleep
    - LP: #810425
  * USB: don't let the hub driver prevent system sleep
    - LP: #810425
  * uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc
    - LP: #810425
  * um: os-linux/mem.c needs sys/stat.h
    - LP: #810425
  * inet_diag: fix inet_diag_bc_audit()
    - LP: #810425
  * PM / Hibernate: Avoid hitting OOM during preallocation of memory
    - LP: #810425
  * PM / Hibernate: Fix free_unnecessary_pages()
    - LP: #810425
  * bug.h: Add WARN_RATELIMIT
    - LP: #810425
  * net: filter: Use WARN_RATELIMIT
    - LP: #810425
  * af_packet: prevent information leak
    - LP: #810425
  * net/ipv4: Check for mistakenly passed in non-IPv4 address
    - LP: #810425
  * ipv6/udp: Use the correct variable to determine non-blocking condition
    - LP: #810425
  * udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet
    - LP: #810425
  * mm: prevent concurrent unmap_mapping_range() on the same inode
    - LP: #810425
  * xen: set max_pfn_mapped to the last pfn mapped
    - LP: #810425
  * xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped"
    - LP: #810425
  * Linux 2.6.32.43
    - LP: #810425
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * ASoC: Fix Blackfin I2S _pointer() implementation return in bounds
    values
    - LP: #823296
  * v4l2-ioctl.c: prefill tuner type for g_frequency and g/s_tuner
    - LP: #823296
  * pvrusb2: fix g/s_tuner support
    - LP: #823296
  * bttv: fix s_tuner for radio
    - LP: #823296
  * gro: Only reset frag0 when skb can be pulled
    - LP: #823296
  * NFSv4.1: update nfs4_fattr_bitmap_maxsz
    - LP: #823296
  * SUNRPC: Fix a race between work-queue and rpc_killall_tasks
    - LP: #823296
  * SUNRPC: Fix use of static variable in rpcb_getport_async
    - LP: #823296
  * si4713-i2c: avoid potential buffer overflow on si4713
    - LP: #823296
  * hwmon: (max1111) Fix race condition causing NULL pointer exception
    - LP: #823296
  * bridge: send proper message_age in config BPDU
    - LP: #823296
  * davinci: DM365 EVM: fix video input mux bits
    - LP: #823296
  * libata: fix unexpectedly frozen port after ata_eh_reset()
    - LP: #823296
  * x86: Make Dell Latitude E5420 use reboot=pci
    - LP: #823296
  * USB: pl2303: add AdLink ND-6530 USB IDs
    - LP: #823296
  * USB: pl2303.h: checkpatch cleanups
    - LP: #823296
  * USB: serial: add IDs for WinChipHead USB->RS232 adapter
    - LP: #823296
  * staging: comedi: fix infoleak to userspace
    - LP: #823296
  * USB: OHCI: fix another regression for NVIDIA controllers
    - LP: #823296
  * usb: musb: restore INDEX register in resume path
    - LP: #823296
  * USB: dummy-hcd needs the has_tt flag
    - LP: #823296
  * ARM: pxa/cm-x300: fix V3020 RTC functionality
    - LP: #823296
  * jme: Fix unmap error (Causing system freeze)
    - LP: #823296
  * libsas: remove expander from dev list on error
    - LP: #823296
  * mac80211: Restart STA timers only on associated state
    - LP: #823296
  * Blacklist Traxdata CDR4120 and IOMEGA Zip drive to avoid lock ups.
    - LP: #823296
  * ses: requesting a fault indication
    - LP: #823296
  * pmcraid: reject negative request size
    - LP: #823296
  * kexec, x86: Fix incorrect jump back address if not preserving context
    - LP: #823296
  * powerpc/kdump: Fix timeout in crash_kexec_wait_realmode
    - LP: #823296
  * PCI: ARI is a PCIe v2 feature
    - LP: #823296
  * cciss: do not attempt to read from a write-only register
    - LP: #823296
  * xtensa: prevent arbitrary read in ptrace
    - LP: #823296
  * ext3: Fix oops in ext3_try_to_allocate_with_rsv()
    - LP: #823296
  * svcrpc: fix list-corrupting race on nfsd shutdown
    - LP: #823296
  * EHCI: only power off port if over-current is active
    - LP: #823296
  * EHCI: fix direction handling for interrupt data toggles
    - LP: #823296
  * powerpc/pseries/hvconsole: Fix dropped console output
    - LP: #823296
  * x86: Hpet: Avoid the comparator readback penalty
    - LP: #823296
  * x86: HPET: Chose a paranoid safe value for the ETIME check
    - LP: #823296
  * cifs: clean up cifs_find_smb_ses (try #2)
    - LP: #823296
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses
    - LP: #823296
  * cifs: check for NULL session password
    - LP: #823296
  * gre: fix netns vs proto registration ordering
    - LP: #823296
  * netns xfrm: fixup xfrm6_tunnel error propagation
    - LP: #823296
  * tunnels: fix netns vs proto registration ordering
    - LP: #823296
  * alpha: fix several security issues
    - LP: #823296
  * proc: restrict access to /proc/PID/io
    - LP: #823296
  * ALSA: sound/core/pcm_compat.c: adjust array index
    - LP: #823296
  * dm mpath: fix potential NULL pointer in feature arg processing
    - LP: #823296
  * dm: fix idr leak on module removal
    - LP: #823296
  * perf: overflow/perf_count_sw_cpu_clock crashes recent kernels
    - LP: #823296
  * atm: [br2684] allow routed mode operation again
    - LP: #823296
  * Linux 2.6.32.44
    - LP: #823296

[ Ubuntu: 2.6.32-33.72 ]

* Revert "fix oops in scsi_run_queue()"
    - LP: #811745
  * Revert "put stricter guards on queue dead checks"
    - LP: #811745

[ Ubuntu: 2.6.32-33.71 ]

* splice: direct_splice_actor() should not use pos in sd
    - LP: #588861
 -- Stefan Bader <stefan.bader@canonical.com>   Thu, 01 Sep 2011 16:20:32 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-29:

#11

Download full text (16.5 KiB)

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-11.50~lucid1

---------------
linux-lts-backport-natty (2.6.38-11.50~lucid1) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #848588

[ Upstream Kernel Changes ]

  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of order-1 skb
    allocations"

linux (2.6.38-11.49) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #836903

[ Adam Jackson ]

* SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
- LP: #753994

[ Keng-Yu Lin ]

* SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
- LP: #632884, #803005

[ Stefan Bader ]

* [Config] Force perf to use libiberty for demangling
- LP: #783660

[ Tim Gardner ]

* [Config] Add enic/fnic to udebs
- LP: #801610

[ Upstream Kernel Changes ]

  * eeepc-wmi: add keys found on EeePC 1215T
    - LP: #812644
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * vmscan: fix a livelock in kswapd
    - LP: #813797
  * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
    - LP: #773524
  * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
    - LP: #773524
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * pata_marvell: Add support for 88SE91A0, 88SE91A4
    - LP: #777325
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * ath9k: use split rx buffers to get rid of order-1 skb allocations
    - LP: #728835
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918

linux (2.6.38-11.48) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #818175

[ Upstream Kernel Changes ]

* Revert "HID: magicmouse: ignore 'ivalid report id' while switching
...

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-11.50~lucid1

---------------
linux-lts-backport-natty (2.6.38-11.50~lucid1) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #848588

[ Upstream Kernel Changes ]

* Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of order-1 skb
    allocations"

linux (2.6.38-11.49) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #836903

[ Adam Jackson ]

* SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
    - LP: #753994

[ Keng-Yu Lin ]

* SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
    - LP: #632884, #803005

[ Stefan Bader ]

* [Config] Force perf to use libiberty for demangling
    - LP: #783660

[ Tim Gardner ]

* [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

* eeepc-wmi: add keys found on EeePC 1215T
    - LP: #812644
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * vmscan: fix a livelock in kswapd
    - LP: #813797
  * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
    - LP: #773524
  * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
    - LP: #773524
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * pata_marvell: Add support for 88SE91A0, 88SE91A4
    - LP: #777325
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * ath9k: use split rx buffers to get rid of order-1 skb allocations
    - LP: #728835
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918

linux (2.6.38-11.48) natty-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #818175

[ Upstream Kernel Changes ]

* Revert "HID: magicmouse: ignore 'ivalid report id' while switching
    modes"
    - LP: #814250

linux (2.6.38-11.47) natty-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
    - LP: #811180

[ Keng-Yu Lin ]

* SAUCE: Revert: "dell-laptop: Toggle the unsupported hardware
    killswitch"
    - LP: #775281

[ Ming Lei ]

* SAUCE: fix yama_ptracer_del lockdep warning
    - LP: #791019

[ Stefan Bader ]

* SAUCE: Re-enable RODATA for i386 virtual
    - LP: #809838

[ Tim Gardner ]

* [Config] Add grub-efi as a recommended bootloader for server and
    generic
    - LP: #800910
  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494

[ Upstream Kernel Changes ]

* Revert "bridge: Forward reserved group addresses if !STP"
    - LP: #793702
  * Fix up ABI directory
  * bonding: Incorrect TX queue offset, CVE-2011-1581
    - LP: #792312
    - CVE-2011-1581
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * usbnet/cdc_ncm: add missing .reset_resume hook
    - LP: #793892
  * ath5k: Disable fast channel switching by default
    - LP: #767192
  * mm: vmscan: correctly check if reclaimer should schedule during
    shrink_slab
    - LP: #755066
  * mm: vmscan: correct use of pgdat_balanced in sleeping_prematurely
    - LP: #755066
  * ALSA: hda - Use LPIB for ATI/AMD chipsets as default
    - LP: #741825
  * ALSA: hda - Enable snoop bit for AMD controllers
    - LP: #741825
  * ALSA: hda - Enable sync_write workaround for AMD generically
    - LP: #741825
  * cpuidle: menu: fixed wrapping timers at 4.294 seconds
    - LP: #774947
  * drm/i915: Fix gen6 (SNB) missed BLT ring interrupts.
    - LP: #761065
  * USB: ehci: remove structure packing from ehci_def
    - LP: #791552
  * drm/i915: disable PCH ports if needed when disabling a CRTC
    - LP: #791752
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #793702
  * kmemleak: Initialise kmemleak after debug_objects_mem_init()
    - LP: #793702
  * Fix _OSC UUID in pcc-cpufreq
    - LP: #793702
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #793702
  * Fix memory leak in cpufreq_stat
    - LP: #793702
  * net: recvmmsg: Strip MSG_WAITFORONE when calling recvmsg
    - LP: #793702
  * ftrace: Only update the function code on write to filter files
    - LP: #793702
  * qla2xxx: Fix hang during driver unload when vport is active.
    - LP: #793702
  * qla2xxx: Fix virtual port failing to login after chip reset.
    - LP: #793702
  * qla2xxx: Fix vport delete hang when logins are outstanding.
    - LP: #793702
  * powerpc/kdump64: Don't reference freed memory as pacas
    - LP: #793702
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #793702
  * x86, cpufeature: Fix cpuid leaf 7 feature detection
    - LP: #793702
  * ath9k_hw: do noise floor calibration only on required chains
    - LP: #793702
  * ath9k_hw: fix power for the HT40 duplicate frames
    - LP: #793702
  * ath9k_hw: fix dual band assumption for XB113
    - LP: #793702
  * ath9k_hw: Fix STA connection issues with AR9380 (XB113).
    - LP: #793702
  * powerpc: Set nr_cpu_ids early and use it to free PACAs
    - LP: #793702
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #793702
  * iwlagn: fix iwl_is_any_associated
    - LP: #793702
  * block: rescan partitions on invalidated devices on -ENOMEDIA too
    - LP: #793702
  * block: move bd_set_size() above rescan_partitions() in __blkdev_get()
    - LP: #793702
  * paride: Convert to bdops->check_events()
    - LP: #793702
  * gdrom,viocd: Convert to bdops->check_events()
    - LP: #793702
  * ide: Convert to bdops->check_events()
    - LP: #793702
  * block: don't block events on excl write for non-optical devices
    - LP: #793702
  * block: Fix discard topology stacking and reporting
    - LP: #793702
  * block: add proper state guards to __elv_next_request
    - LP: #793702
  * block: always allocate genhd->ev if check_events is implemented
    - LP: #793702
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #793702
  * mtd: return badblockbits back
    - LP: #793702
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #793702
  * ext4: fix possible use-after-free in ext4_remove_li_request()
    - LP: #793702
  * iwlwifi: fix bugs in change_interface
    - LP: #793702
  * nl80211: Fix set_key regression with some drivers
    - LP: #793702
  * mac80211: fix a few RCU issues
    - LP: #793702
  * wire up fanotify syscalls
    - LP: #793702
  * wire up clock_adjtime syscall
    - LP: #793702
  * drm: Send pending vblank events before disabling vblank.
    - LP: #793702
  * pata_cm64x: fix boot crash on parisc
    - LP: #793702
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #793702
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #793702
  * jbd: fix fsync() tid wraparound bug
    - LP: #793702
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #793702
  * bonding: 802.3ad - fix agg_device_up
    - LP: #793702
  * bridge: fix forwarding of IPv6
    - LP: #793702
  * ieee802154: Remove hacked CFLAGS in net/ieee802154/Makefile
    - LP: #793702
  * irda: fix locking unbalance in irda_sendmsg
    - LP: #793702
  * inetpeer: reduce stack usage
    - LP: #793702
  * ipv6: Remove hoplimit initialization to -1
    - LP: #793702
  * ipv6: udp: fix the wrong headroom check
    - LP: #793702
  * macvlan: fix panic if lowerdev in a bond
    - LP: #793702
  * net: Do not wrap sysctl igmp_max_memberships in IP_MULTICAST
    - LP: #793702
  * net: use hlist_del_rcu() in dev_change_name()
    - LP: #793702
  * SCTP: fix race between sctp_bind_addr_free() and
    sctp_bind_addr_conflict()
    - LP: #793702
  * tcp: len check is unnecessarily devastating, change to WARN_ON
    - LP: #793702
  * vlan: fix GVRP at dismantle time MIME-Version: 1.0
    - LP: #793702
  * igmp: call ip_mc_clear_src() only when we have no users of ip_mc_list
    - LP: #793702
  * net: add skb_dst_force() in sock_queue_err_skb()
    - LP: #793702
  * sch_sfq: avoid giving spurious NET_XMIT_CN signals
    - LP: #793702
  * sctp: fix memory leak of the ASCONF queue when free asoc
    - LP: #793702
  * sch_sfq: fix peek() implementation
    - LP: #793702
  * bonding: prevent deadlock on slave store with alb mode (v3)
    - LP: #793702
  * mpt2sas: move even handling of MPT2SAS_TURN_ON_FAULT_LED into process
    context
    - LP: #793702
  * bnx2i: Fixed packet error created when the sq_size is set to 16
    - LP: #793702
  * bnx2i: Updated the connection shutdown/cleanup timeout
    - LP: #793702
  * Fix Ultrastor asm snippet
    - LP: #793702
  * target: Fix multi task->task_sg[] chaining logic bug
    - LP: #793702
  * target: Fix interrupt context bug with stats_lock and
    core_tmr_alloc_req
    - LP: #793702
  * target: Fix bug with task_sg chained transport_free_dev_tasks release
    - LP: #793702
  * target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs
    - LP: #793702
  * x86, ioapic: Fix potential resume deadlock
    - LP: #793702
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #793702
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #793702
  * x86, cpufeature: Update CPU feature RDRND to RDRAND
    - LP: #793702
  * oprofile, x86: Enable preemption during pci device setup in IBS init
    - LP: #793702
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #793702
  * When mandatory encryption on share, fail mount
    - LP: #793702
  * staging: usbip: fix wrong endian conversion
    - LP: #793702
  * staging: r8712u: Fix driver to support ad-hoc mode
    - LP: #793702
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #793702
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #793702
  * md: Fix race when creating a new md device.
    - LP: #793702
  * md/bitmap: fix saving of events_cleared and other state.
    - LP: #793702
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #793702
  * ALSA: HDA: Add quirk for Lenovo U350
    - LP: #751681, #793702
  * ALSA: hda - Fix input-src parse in patch_analog.c
    - LP: #793702
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #793702
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #793702
  * HID: magicmouse: ignore 'ivalid report id' while switching modes
    - LP: #793702
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #793702
  * loop: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #793702
  * loop: handle on-demand devices correctly
    - LP: #793702
  * i2c/writing-clients: Fix foo_driver.id_table
    - LP: #793702
  * USB: CP210x Add 4 Device IDs for AC-Services Devices
    - LP: #793702
  * USB: moto_modem: Add USB identifier for the Motorola VE240.
    - LP: #793702
  * USB: serial: ftdi_sio: adding support for TavIR STK500
    - LP: #793702
  * USB: gadget: g_multi: fixed vendor and product ID in inf files
    - LP: #793702
  * USB: gamin_gps: Fix for data transfer problems in native mode
    - LP: #793702
  * Bind only modem AT command endpoint to option module.
    - LP: #793702
  * USB: cdc_acm: Fix oops when Droids MuIn LCD is connected
    - LP: #793702
  * xhci: Fix bug in control transfer cancellation.
    - LP: #793702
  * usb/gadget: at91sam9g20 fix end point max packet size
    - LP: #793702
  * usb: gadget: rndis: don't test against req->length
    - LP: #793702
  * xhci: Fix memory leak in ring cache deallocation.
    - LP: #793702
  * xhci: Fix memory leak bug when dropping endpoints
    - LP: #793702
  * USB: option: add support for Huawei E353 device
    - LP: #793702
  * OHCI: fix regression caused by nVidia shutdown workaround
    - LP: #793702
  * USB: remove remaining usages of hcd->state from usbcore and fix
    regression
    - LP: #793702
  * cx88: protect per-device driver list with device lock
    - LP: #793702
  * cx88: fix locking of sub-driver operations
    - LP: #793702
  * cx88: hold device lock during sub-driver initialization
    - LP: #793702
  * sh: clkfwk: fixup clk_rate_table_build parameter in div6 clock
    - LP: #793702
  * sh: fixup fpu.o compile order
    - LP: #793702
  * p54usb: add zoom 4410 usbid
    - LP: #793702
  * eCryptfs: Allow 2 scatterlist entries for encrypted filenames
    - LP: #793702
  * UBIFS: fix a rare memory leak in ro to rw remounting path
    - LP: #793702
  * kbuild: Fix GNU make v3.80 compatibility
    - LP: #793702
  * i8k: Avoid lahf in 64-bit code
    - LP: #793702
  * idle governor: Avoid lock acquisition to read pm_qos before entering
    idle
    - LP: #793702
  * dm table: reject devices without request fns
    - LP: #793702
  * ARM: 6941/1: cache: ensure MVA is cacheline aligned in
    flush_kern_dcache_area
    - LP: #793702
  * tmpfs: fix race between truncate and writepage
    - LP: #793702
  * atm: expose ATM device index in sysfs
    - LP: #793702
  * brd: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #793702
  * brd: handle on-demand devices correctly
    - LP: #793702
  * drm/i915: fix user irq miss in BSD ring on g4x
    - LP: #793702
  * drm/radeon/evergreen/btc/fusion: setup hdp to invalidate and flush when
    asked
    - LP: #793702
  * drm/radeon/kms: add wait idle ioctl for eg->cayman
    - LP: #793702
  * SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change
    callback...
    - LP: #793702
  * NFSv4: Handle expired stateids when the lease is still valid
    - LP: #793702
  * NFSv4.1: Fix the handling of NFS4ERR_SEQ_MISORDERED errors
    - LP: #793702
  * PCI: Add quirk for setting valid class for TI816X Endpoint
    - LP: #793702
  * xen mmu: fix a race window causing leave_mm BUG()
    - LP: #793702
  * ext4: Use schedule_timeout_interruptible() for waiting in lazyinit
    thread
    - LP: #793702
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #793702
  * Linux 2.6.38.8
    - LP: #793702
  * xhci: Add defines for hardcoded slot states
    - LP: #802541
  * xhci: Do not issue device reset when device is not setup
    - LP: #802541
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * ext4: init timer earlier to avoid a kernel panic in __save_error_info,
    CVE-2011-2493
    - LP: #806929
    - CVE-2011-2493
  * acer-wmi: does not poll device status when WMI event is available
    - LP: #771758
  * acer-wmi: Only update rfkill status for associated hotkey events
    - LP: #771758
  * (drop after 2.6.38) acer-wmi: Add support for Aspire 1830 wlan hotkey
    - LP: #771758
  * mm: vmscan: correct check for kswapd sleeping in sleeping_prematurely
    - LP: #808509
  * mm: vmscan: kswapd should not free an excessive number of pages when
    balancing small zones
    - LP: #808509
  * mm: vmscan: do not apply pressure to slab if we are not applying
    pressure to zone
    - LP: #808509
  * mm: vmscan: evaluate the watermarks against the correct classzone
    - LP: #808509
  * mm: vmscan: only read new_classzone_idx from pgdat when reclaiming
    successfully
    - LP: #808509

linux (2.6.38-10.46) natty-proposed; urgency=low

[ Steve Conklin ]

* Release Tracking Bug
    - LP: #802464

[ Upstream Kernel Changes ]

* Revert "put stricter guards on queue dead checks"
  * Revert "fix oops in scsi_run_queue()"
 -- Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>   Tue, 13 Sep 2011 17:49:18 -0300

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-29:

#12

Download full text (16.9 KiB)

This bug was fixed in the package linux - 2.6.32-34.77

---------------
linux (2.6.32-34.77) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
- LP: #849228

[ Upstream Kernel Changes ]

  * Revert "drm/i915: Remove BUG_ON from i915_gem_evict_something"
  * Revert "drm/i915: Periodically flush the active lists and requests"
  * Revert "drm/i915/evict: Ensure we completely cleanup on failure"
  * Revert "drm/i915: Maintain LRU order of inactive objects upon access by
    CPU (v2)"
  * Revert "drm/i915: Implement fair lru eviction across both rings. (v2)"
  * Revert "drm/i915: Move the eviction logic to its own file."
  * Revert "drm/i915: prepare for fair lru eviction"

linux (2.6.32-34.76) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
- LP: #836914

[ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

linux (2.6.32-34.75) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #832332

[ Upstream Kernel Changes ]

* drm/i915: Remove BUG_ON from i915_gem_evict_something
- LP: #828550

linux (2.6.32-34.74) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #828375

[ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.32-34.73) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #824148

[ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, ...

This bug was fixed in the package linux - 2.6.32-34.77

---------------
linux (2.6.32-34.77) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
    - LP: #849228

[ Upstream Kernel Changes ]

* Revert "drm/i915: Remove BUG_ON from i915_gem_evict_something"
  * Revert "drm/i915: Periodically flush the active lists and requests"
  * Revert "drm/i915/evict: Ensure we completely cleanup on failure"
  * Revert "drm/i915: Maintain LRU order of inactive objects upon access by
    CPU (v2)"
  * Revert "drm/i915: Implement fair lru eviction across both rings. (v2)"
  * Revert "drm/i915: Move the eviction logic to its own file."
  * Revert "drm/i915: prepare for fair lru eviction"

linux (2.6.32-34.76) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
    - LP: #836914

[ Upstream Kernel Changes ]

* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

linux (2.6.32-34.75) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #832332

[ Upstream Kernel Changes ]

* drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux (2.6.32-34.74) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #828375

[ Upstream Kernel Changes ]

* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.32-34.73) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #824148

[ Tim Gardner ]

* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

* tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #802383
  * loop: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #802383
  * loop: handle on-demand devices correctly
    - LP: #802383
  * USB: CP210x Add 4 Device IDs for AC-Services Devices
    - LP: #802383
  * USB: moto_modem: Add USB identifier for the Motorola VE240.
    - LP: #802383
  * USB: serial: ftdi_sio: adding support for TavIR STK500
    - LP: #802383
  * USB: gamin_gps: Fix for data transfer problems in native mode
    - LP: #802383
  * usb/gadget: at91sam9g20 fix end point max packet size
    - LP: #802383
  * usb: gadget: rndis: don't test against req->length
    - LP: #802383
  * OHCI: fix regression caused by nVidia shutdown workaround
    - LP: #802383
  * p54usb: add zoom 4410 usbid
    - LP: #802383
  * eCryptfs: Allow 2 scatterlist entries for encrypted filenames
    - LP: #802383
  * UBIFS: fix a rare memory leak in ro to rw remounting path
    - LP: #802383
  * i8k: Avoid lahf in 64-bit code
    - LP: #802383
  * cpuidle: menu: fixed wrapping timers at 4.294 seconds
    - LP: #802383
  * dm table: reject devices without request fns
    - LP: #802383
  * atm: expose ATM device index in sysfs
    - LP: #802383
  * brd: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #802383
  * brd: handle on-demand devices correctly
    - LP: #802383
  * SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change
    callback...
    - LP: #802383
  * PCI: Add quirk for setting valid class for TI816X Endpoint
    - LP: #802383
  * xen mmu: fix a race window causing leave_mm BUG()
    - LP: #802383
  * netfilter: nf_conntrack_reasm: properly handle packets fragmented into
    a single fragment
    - LP: #802383
  * fix memory leak in scsi_report_lun_scan
    - LP: #802383
  * fix refcounting bug in scsi_get_host_dev
    - LP: #802383
  * fix duplicate removal on error path in scsi_sysfs_add_sdev
    - LP: #802383
  * UBIFS: fix shrinker object count reports
    - LP: #802383
  * UBIFS: fix memory leak on error path
    - LP: #802383
  * nbd: limit module parameters to a sane value
    - LP: #802383
  * mm: fix ENOSPC returned by handle_mm_fault()
    - LP: #802383
  * PCI: Set PCIE maxpayload for card during hotplug insertion
    - LP: #802383
  * nl80211: fix check for valid SSID size in scan operations
    - LP: #802383
  * lockdep: Fix lock_is_held() on recursion
    - LP: #802383
  * drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007
    - LP: #802383
  * drm/radeon/kms: fix for radeon on systems >4GB without hardware iommu
    - LP: #802383
  * fat: Fix corrupt inode flags when remove ATTR_SYS flag
    - LP: #802383
  * xen: off by one errors in multicalls.c
    - LP: #802383
  * x86/amd-iommu: Fix 3 possible endless loops
    - LP: #802383
  * USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7
    - LP: #802383
  * USB: core: Tolerate protocol stall during hub and port status read
    - LP: #802383
  * USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver
    - LP: #802383
  * ALSA: hda: Fix quirk for Dell Inspiron 910
    - LP: #792712, #802383
  * oprofile, dcookies: Fix possible circular locking dependency
    - LP: #802383
  * CPUFREQ: Remove cpufreq_stats sysfs entries on module unload.
    - LP: #802383
  * md: check ->hot_remove_disk when removing disk
    - LP: #802383
  * md/raid5: fix raid5_set_bi_hw_segments
    - LP: #802383
  * md/raid5: fix FUA request handling in ops_run_io()
    - LP: #802383
  * ata: use pci_dev->revision
    - LP: #802383
  * pata_cmd64x: fix PIO setup
    - LP: #802383
  * pata_cmd64x: cmd648_bmdma_stop() fix
    - LP: #802383
  * pata_cmd64x: remove unused definitions
    - LP: #802383
  * pata_cm64x: fix boot crash on parisc
    - LP: #802383
  * ACPI: use _HID when supplied by root-level devices
    - LP: #802383
  * xfs: properly account for reclaimed inodes
    - LP: #802383
  * exec: delay address limit change until point of no return
    - LP: #802383
  * netfilter: IPv6: initialize TOS field in REJECT target module
    - LP: #802383
  * netfilter: IPv6: fix DSCP mangle code
    - LP: #802383
  * genirq: Add IRQF_FORCE_RESUME
    - LP: #802383
  * xen: Use IRQF_FORCE_RESUME
    - LP: #802383
  * time: Compensate for rounding on odd-frequency clocksources
    - LP: #802383
  * Linux 2.6.32.42
    - LP: #802383
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * drm_mm: extract check_free_mm_node
    - LP: #599017, #807508
  * drm: implement helper functions for scanning lru list
    - LP: #599017, #807508
  * drm/i915: prepare for fair lru eviction
    - LP: #599017, #807508
  * drm/i915: Move the eviction logic to its own file.
    - LP: #599017, #807508
  * drm/i915: Implement fair lru eviction across both rings. (v2)
    - LP: #599017, #807508
  * drm/i915: Maintain LRU order of inactive objects upon access by CPU
    (v2)
    - LP: #599017, #807508
  * drm/i915/evict: Ensure we completely cleanup on failure
    - LP: #599017, #807508
  * drm/i915: Periodically flush the active lists and requests
    - LP: #599017, #807508
  * Linux 2.6.32.42+drm33.19
    - LP: #807508
  * net: add limit for socket backlog CVE-2010-4251
    - LP: #807462
  * tcp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * ipv6: udp: Optimise multicast reception
    - LP: #807462
  * ipv4: udp: Optimise multicast reception
    - LP: #807462
  * udp: multicast RX should increment SNMP/sk_drops counter in allocation
    failures CVE-2010-4251
    - LP: #807462
  * udp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * llc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * sctp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * tipc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * x25: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * net: backlog functions rename CVE-2010-4251
    - LP: #807462
  * net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805
    - LP: #809318
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item()
    - LP: #810425
  * migrate: don't account swapcache as shmem
    - LP: #810425
  * clocksource: Make watchdog robust vs. interruption
    - LP: #810425
  * TTY: ldisc, do not close until there are readers
    - LP: #810425
  * xhci: Reject double add of active endpoints.
    - LP: #810425
  * PM: Free memory bitmaps if opening /dev/snapshot fails
    - LP: #810425
  * ath5k: fix memory leak when fewer than N_PD_CURVES are in use
    - LP: #810425
  * mm: fix negative commitlimit when gigantic hugepages are allocated
    - LP: #810425
  * uvcvideo: Remove buffers from the queues when freeing
    - LP: #810425
  * watchdog: mtx1-wdt: request gpio before using it
    - LP: #810425
  * debugobjects: Fix boot crash when kmemleak and debugobjects enabled
    - LP: #810425
  * cfq-iosched: fix locking around ioc->ioc_data assignment
    - LP: #810425
  * cfq-iosched: fix a rcu warning
    - LP: #810425
  * i2c-taos-evm: Fix log messages
    - LP: #810425
  * md: avoid endless recovery loop when waiting for fail device to
    complete.
    - LP: #810425
  * SUNRPC: Ensure the RPC client only quits on fatal signals
    - LP: #810425
  * 6pack,mkiss: fix lock inconsistency
    - LP: #810425
  * USB: don't let errors prevent system sleep
    - LP: #810425
  * USB: don't let the hub driver prevent system sleep
    - LP: #810425
  * uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc
    - LP: #810425
  * um: os-linux/mem.c needs sys/stat.h
    - LP: #810425
  * inet_diag: fix inet_diag_bc_audit()
    - LP: #810425
  * PM / Hibernate: Avoid hitting OOM during preallocation of memory
    - LP: #810425
  * PM / Hibernate: Fix free_unnecessary_pages()
    - LP: #810425
  * bug.h: Add WARN_RATELIMIT
    - LP: #810425
  * net: filter: Use WARN_RATELIMIT
    - LP: #810425
  * af_packet: prevent information leak
    - LP: #810425
  * net/ipv4: Check for mistakenly passed in non-IPv4 address
    - LP: #810425
  * ipv6/udp: Use the correct variable to determine non-blocking condition
    - LP: #810425
  * udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet
    - LP: #810425
  * mm: prevent concurrent unmap_mapping_range() on the same inode
    - LP: #810425
  * xen: set max_pfn_mapped to the last pfn mapped
    - LP: #810425
  * xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped"
    - LP: #810425
  * Linux 2.6.32.43
    - LP: #810425
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * ASoC: Fix Blackfin I2S _pointer() implementation return in bounds
    values
    - LP: #823296
  * v4l2-ioctl.c: prefill tuner type for g_frequency and g/s_tuner
    - LP: #823296
  * pvrusb2: fix g/s_tuner support
    - LP: #823296
  * bttv: fix s_tuner for radio
    - LP: #823296
  * gro: Only reset frag0 when skb can be pulled
    - LP: #823296
  * NFSv4.1: update nfs4_fattr_bitmap_maxsz
    - LP: #823296
  * SUNRPC: Fix a race between work-queue and rpc_killall_tasks
    - LP: #823296
  * SUNRPC: Fix use of static variable in rpcb_getport_async
    - LP: #823296
  * si4713-i2c: avoid potential buffer overflow on si4713
    - LP: #823296
  * hwmon: (max1111) Fix race condition causing NULL pointer exception
    - LP: #823296
  * bridge: send proper message_age in config BPDU
    - LP: #823296
  * davinci: DM365 EVM: fix video input mux bits
    - LP: #823296
  * libata: fix unexpectedly frozen port after ata_eh_reset()
    - LP: #823296
  * x86: Make Dell Latitude E5420 use reboot=pci
    - LP: #823296
  * USB: pl2303: add AdLink ND-6530 USB IDs
    - LP: #823296
  * USB: pl2303.h: checkpatch cleanups
    - LP: #823296
  * USB: serial: add IDs for WinChipHead USB->RS232 adapter
    - LP: #823296
  * staging: comedi: fix infoleak to userspace
    - LP: #823296
  * USB: OHCI: fix another regression for NVIDIA controllers
    - LP: #823296
  * usb: musb: restore INDEX register in resume path
    - LP: #823296
  * USB: dummy-hcd needs the has_tt flag
    - LP: #823296
  * ARM: pxa/cm-x300: fix V3020 RTC functionality
    - LP: #823296
  * jme: Fix unmap error (Causing system freeze)
    - LP: #823296
  * libsas: remove expander from dev list on error
    - LP: #823296
  * mac80211: Restart STA timers only on associated state
    - LP: #823296
  * Blacklist Traxdata CDR4120 and IOMEGA Zip drive to avoid lock ups.
    - LP: #823296
  * ses: requesting a fault indication
    - LP: #823296
  * pmcraid: reject negative request size
    - LP: #823296
  * kexec, x86: Fix incorrect jump back address if not preserving context
    - LP: #823296
  * powerpc/kdump: Fix timeout in crash_kexec_wait_realmode
    - LP: #823296
  * PCI: ARI is a PCIe v2 feature
    - LP: #823296
  * cciss: do not attempt to read from a write-only register
    - LP: #823296
  * xtensa: prevent arbitrary read in ptrace
    - LP: #823296
  * ext3: Fix oops in ext3_try_to_allocate_with_rsv()
    - LP: #823296
  * svcrpc: fix list-corrupting race on nfsd shutdown
    - LP: #823296
  * EHCI: only power off port if over-current is active
    - LP: #823296
  * EHCI: fix direction handling for interrupt data toggles
    - LP: #823296
  * powerpc/pseries/hvconsole: Fix dropped console output
    - LP: #823296
  * x86: Hpet: Avoid the comparator readback penalty
    - LP: #823296
  * x86: HPET: Chose a paranoid safe value for the ETIME check
    - LP: #823296
  * cifs: clean up cifs_find_smb_ses (try #2)
    - LP: #823296
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses
    - LP: #823296
  * cifs: check for NULL session password
    - LP: #823296
  * gre: fix netns vs proto registration ordering
    - LP: #823296
  * netns xfrm: fixup xfrm6_tunnel error propagation
    - LP: #823296
  * tunnels: fix netns vs proto registration ordering
    - LP: #823296
  * alpha: fix several security issues
    - LP: #823296
  * proc: restrict access to /proc/PID/io
    - LP: #823296
  * ALSA: sound/core/pcm_compat.c: adjust array index
    - LP: #823296
  * dm mpath: fix potential NULL pointer in feature arg processing
    - LP: #823296
  * dm: fix idr leak on module removal
    - LP: #823296
  * perf: overflow/perf_count_sw_cpu_clock crashes recent kernels
    - LP: #823296
  * atm: [br2684] allow routed mode operation again
    - LP: #823296
  * Linux 2.6.32.44
    - LP: #823296
 -- Steve Conklin <sconklin@canonical.com>   Tue, 13 Sep 2011 13:04:10 -0500

Changed in linux (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Marc Deslauriers (mdeslaur) on 2011-10-25

Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status:	New → Invalid
importance:	Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status:	New → Invalid
importance:	Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status:	New → Invalid
importance:	Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status:	New → Invalid
importance:	Undecided → Low

Paolo Pisati (p-pisati) on 2012-01-30

Changed in linux-ti-omap4 (Ubuntu Oneiric):
status:	Fix Committed → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	Fix Committed → Invalid

Ubuntu
linux package

CVE-2011-1493

Bug Description

Related branches

CVE References

Other bug subscribers

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Low	Unassigned
Hardy	Fix Released	Low	Andy Whitcroft
Lucid	Fix Released	Low	Andy Whitcroft
Maverick	Fix Released	Low	Andy Whitcroft
Natty	Fix Released	Low	Andy Whitcroft
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-ec2 (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Fix Released	Low	Unassigned
Maverick	Invalid	Low	Unassigned
Natty	Invalid	Low	Unassigned
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-fsl-imx51 (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Fix Released	Low	Andy Whitcroft
Maverick	Invalid	Low	Unassigned
Natty	Invalid	Low	Unassigned
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-lts-backport-maverick (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Fix Released	Low	Unassigned
Maverick	Invalid	Low	Unassigned
Natty	Invalid	Low	Unassigned
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-lts-backport-natty (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Fix Released	Low	Unassigned
Maverick	Invalid	Low	Unassigned
Natty	Invalid	Low	Unassigned
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-lts-backport-oneiric (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Invalid	Low	Unassigned
Maverick	Invalid	Low	Unassigned
Natty	Invalid	Low	Unassigned
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-mvl-dove (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Fix Released	Low	Unassigned
Maverick	Fix Released	Low	Unassigned
Natty	Invalid	Low	Unassigned
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned
linux-ti-omap4 (Ubuntu)	Invalid	Low	Unassigned
Hardy	Invalid	Low	Unassigned
Lucid	Invalid	Low	Unassigned
Maverick	Fix Released	Low	Andy Whitcroft
Natty	Fix Released	Low	Andy Whitcroft
Oneiric	Invalid	Low	Unassigned
Precise	Invalid	Low	Unassigned

Ubuntulinux package

CVE-2011-1493

Bug Description

Related branches

CVE References

Other bug subscribers

Ubuntu
linux package