linux: 2.6.24-29.93 -proposed tracker

Bug #823912 reported by Herton R. Krzesinski on 2011-08-10
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Kernel SRU Workflow | | Undecided | Unassigned | |
| Certification-testing | | Undecided | Canonical Hardware Certification | |
| Prepare-package | | Undecided | Herton R. Krzesinski | |
| Prepare-package-lbm | | Undecided | Canonical Kernel Team | |
| Prepare-package-meta | | Undecided | Canonical Kernel Team | |
| Promote-to-proposed | | Undecided | Ubuntu Stable Release Updates Team | |
| Promote-to-security | | Undecided | Ubuntu Stable Release Updates Team | |
| Promote-to-updates | | Undecided | Ubuntu Stable Release Updates Team | |
| Regression-testing | | Undecided | C de-Avillez | |
| Security-signoff | | Undecided | Kees Cook | |
| Verification-testing | | Undecided | Canonical Kernel Team | |
| linux (Ubuntu) | | Medium | Unassigned | |
| Hardy | | Undecided | Unassigned | |

Bug Description

This bug is for tracking the 2.6.24-29.93 upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
kernel-stable-Prepare-package-start: Tuesday, 08. August 2011 15:31 UTC
kernel-stable-qa-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-security-signoff-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-copy-to-proposed-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-certification-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-phase: Released
kernel-stable-phase-changed: Friday, 19. August 2011 06:15 UTC
kernel-stable-copy-to-updates-end: Friday, 19. August 2011 06:15 UTC
kernel-stable-Promote-to-proposed-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-Certification-testing-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-Promote-to-updates-end: Friday, 19. August 2011 06:15 UTC
kernel-stable-Regression-testing-end: Thursday, 18. August 2011 13:18 UTC
kernel-stable-Security-signoff-end: Thursday, 18. August 2011 13:18 UTC

tags: added: kernel-release-tracking-bug
description: updated
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
tags: added: hardy
Changed in kernel-sru-workflow:
status: New → In Progress
Herton R. Krzesinski (herton) wrote :

This kernel contains only CVE fixes and therefore has no bugs to be verified.

Because of this, verification is ready very early (verification week is next week, testing week is after that, from Aug 22nd to Aug 26th).

Kees Cook (kees) wrote :

Looks good, thanks!

C de-Avillez (hggdh2) wrote :

No regressions observed. Please note we could not test on bare-metal (machines are being moved to new location).

Tagging qa-testing-passed.

tags: added: qa-testing-passed
description: updated
Herton R. Krzesinski (herton) wrote :

This update contains a fix for CVE-2011-1020 (bug 813026) which brought a regression on lucid and maverick. A similar fix was applied on hardy, so to avoid regressions let's put this update on hold; please don't publish it to -security/-updates yet. I'm marking the publishing tasks as invalid for now, and adding the tag verification-failed.

tags: added: verification-failed
summary: - linux: 2.6.24-29.93 -proposed tracker
+ [Regression] linux: 2.6.24-29.93 -proposed tracker

The promote-to-updates task was not set to one of the following states during the release test:
New, Confirmed, Fix Released,
promote-to-updates task was set to state Invalid
Further processing of this bug by Workflow Manager is halted.

Changed in kernel-sru-workflow:
status: In Progress → Incomplete

The hardy backport for CVE-2011-1020 shouldn't introduce a regression. It is significantly different from what was applied on lucid/maverick; the problem which was introduced on lucid/maverick (which has a fix and is applied now) isn't present on the hardy backport.

So this update is not on hold anymore, and can be copied to -proposed/-updates. I'm fixing the tasks/tags here.

summary: - [Regression] linux: 2.6.24-29.93 -proposed tracker
+ linux: 2.6.24-29.93 -proposed tracker
tags: removed: verification-failed
description: updated
Changed in kernel-sru-workflow:
status: Incomplete → In Progress
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.93

---------------
linux (2.6.24-29.93) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #823912

  [Upstream Kernel Changes]

  * close races in /proc/*/{environ,auxv}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * dccp: fix oops on Reset after close, CVE-2011-1093
    - LP: #814087
    - CVE-2011-1093
  * Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
    - LP: #816542
    - CVE-2011-1078
  * Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
    - LP: #816544
    - CVE-2011-1079
  * bridge: netfilter: fix information leak, CVE-2011-1080
    - LP: #816545
    - CVE-2011-1080
  * char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
    - LP: #816546
    - CVE-2011-1160
  * irda: validate peer name and attribute lengths, CVE-2011-1180
    - LP: #816547
    - CVE-2011-1180
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
 -- Herton Ronaldo Krzesinski <email address hidden> Wed, 10 Aug 2011 10:07:45 -0300

Changed in linux (Ubuntu Hardy):
status: New → Fix Released
Martin Pitt (pitti) wrote :

Copied to updates/security

Changed in linux (Ubuntu):
status: In Progress → Fix Released

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
description: updated
Steve Conklin (sconklin) on 2011-08-30
description: updated
Brad Figg (brad-figg) on 2011-12-05
description: updated