ad72e888ee
net/packet: fix overflow in tpacket_rcv (CVE-2020-14386)
2020-09-05 07:39:12 +02:00
a91434eeb6
ACPI: configfs: Disallow loading ACPI tables when locked down (CVE-2020-15780)
...
This is not a problem for the Debian built binary packages as we do not
enable CONFIG_ACPI_CONFIGFS. Though this is in place in case at some
point this config option would be (unlikely) enabled or for custom
builds.
2020-08-29 14:39:14 +02:00
befbadbdd6
Update to 4.19.135
...
Drop 'Revert "cifs: Fix the target file was deleted when rename failed."'
Cleanup debian/changelog file
2020-08-27 21:35:06 +02:00
3ccac5b143
Update to 4.19.134
...
Add Debian bug closer for #966846
Add CVE id reference for CVE-2020-10781
Add CVE id reference for CVE-2020-14356
Drop 'Revert "mips: Add udelay lpj numbers adjustment"'
Cleanup debian/changelog file
2020-08-27 19:45:18 +02:00
d3e5a2910c
Update to 4.19.133
...
Drop 'Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"'
Cleanup debian/changelog file
2020-08-27 17:27:07 +02:00
868ca68cdf
Revert "cifs: Fix the target file was deleted when rename failed."
...
Closes : #966917
2020-08-04 16:33:47 +02:00
4082f19511
e1000e: Add support for Comet Lake
...
Closes : #965365
2020-07-24 06:22:32 +02:00
832de9e7d1
efi: Restrict efivar_ssdt_load when the kernel is locked down (CVE-2019-20908)
2020-07-23 12:26:33 +02:00
8e18898678
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
...
Closes : #964153
Closes : #964480
2020-07-18 14:35:05 +02:00
214a334057
Update to 4.19.132
...
Drop "nfsd: apply umask on fs without ACL support"
Drop "usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect"
Cleanup debian/changelog file
2020-07-15 22:08:35 +02:00
7c760522ee
Revert "mips: Add udelay lpj numbers adjustment", since it causes the build to fail with CONFIG_CPU_FREQ=y.
2020-07-11 12:22:13 +02:00
cf50d019cc
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect (CVE-2020-15393)
2020-07-06 22:25:46 +02:00
b1721c503c
Bump ABI to 10
2020-07-06 02:13:11 +01:00
388ce30532
Drop "apparmor: don't try to replace stale label in ptraceme check"
2020-07-04 00:23:47 +02:00
acb5c7f740
Drop "x86/speculation: Add Ivy Bridge to affected list"
2020-07-04 00:01:02 +02:00
bac476321f
Drop "x86/speculation: Add SRBDS vulnerability and mitigation documentation"
2020-07-04 00:01:02 +02:00
68c22bc508
Drop "x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation"
2020-07-04 00:01:02 +02:00
8fe5ca8037
Drop "x86/cpu: Add 'table' argument to cpu_matches()"
2020-07-04 00:01:02 +02:00
1049f4bd25
Drop "x86/cpu: Add a steppings field to struct x86_cpu_id"
2020-07-04 00:01:02 +02:00
88c2a1700c
Drop "mm: Fix mremap not considering huge pmd devmap"
2020-07-04 00:01:02 +02:00
edd77f41b6
Drop "kernel/relay.c: handle alloc_percpu returning NULL in relay_open"
2020-07-04 00:01:02 +02:00
02e36515d0
Drop "fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()"
2020-07-04 00:01:02 +02:00
ce4504d627
Drop "KVM: SVM: Fix potential memory leak in svm_cpu_init()"
2020-07-04 00:01:02 +02:00
c678e8796f
Drop "netlabel: cope with NULL catmap"
2020-07-04 00:01:02 +02:00
5ce8dbd0e7
Drop "USB: gadget: fix illegal array access in binding with UDC"
2020-07-04 00:01:02 +02:00
913f8220e0
Drop "scsi: sg: add sg_remove_request in sg_write"
2020-07-04 00:01:02 +02:00
790b310863
Drop "selinux: properly handle multiple messages in selinux_netlink_send()"
2020-07-04 00:01:01 +02:00
7cbcb7e493
Drop "ALSA: pcm: oss: Place the plugin buffer overflow checks correctly"
2020-07-04 00:01:01 +02:00
635674d4ea
Drop "propagate_one(): mnt_set_mountpoint() needs mount_lock"
2020-07-04 00:01:01 +02:00
148d556059
Drop "include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap"
2020-07-04 00:01:01 +02:00
576d33f2b5
Drop pre-requisites and patches for CVE-2019-3016
2020-07-04 00:01:01 +02:00
f78b782f82
Drop "USB: core: Fix free-while-in-use bug in the USB S-Glibrary"
2020-07-04 00:01:01 +02:00
2c60bfb6ed
Drop "fs/namespace.c: fix mountpoint reference counter race"
2020-07-04 00:01:01 +02:00
46e6098888
Drop "s390/mm: fix page table upgrade vs 2ndary address mode accesses"
2020-07-04 00:01:01 +02:00
d8230a09d2
Drop "blktrace: fix dereference after null check"
2020-07-04 00:01:01 +02:00
f6a9de8ee5
Drop "blktrace: Protect q->blk_trace with RCU"
2020-07-04 00:01:01 +02:00
e7da2d7b4f
Drop "net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup"
2020-07-04 00:01:01 +02:00
a3892db44e
Drop "net: ipv6: add net argument to ip6_dst_lookup_flow"
2020-07-04 00:01:01 +02:00
b4e9757aa9
Drop "f2fs: fix to avoid memory leakage in f2fs_listxattr"
2020-07-04 00:01:01 +02:00
0c35cc337b
nfsd: apply umask on fs without ACL support
...
Closes : #962254
2020-06-26 22:55:39 +02:00
1e3e001c12
apparmor: don't try to replace stale label in ptraceme check
...
Closes : #963493
2020-06-26 22:04:24 +02:00
ec2ba4830d
Release linux (4.19.118-2+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7dP21fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENh0P/iBzOTwQQrbR2hhYjkf6/rOMmgt4/WRe
SX+YZO7YC2F63Cbz0eGJLa1Y7WMQkmPvrpwoKm8HtFq16SFXp2JMRMxI6NygEGcC
i3Z86z26ik+qLLqeSCIigfRTZfFRT6o3wIFaOUS5AKUMBIbneELk70FyyFJ5g6gs
BSjPsL0+9L3B8eqg7NK8E4ueiX791v9wyYqpMDfG+AkL5PTuL3XY2VmSs1Vzv63I
WUpV0Ekpdpx7+PgQkO0gJRb/wFTHZdjMn5GR247awwVD0uxecQCmMxevmw+yzmma
S9OSeBsIEhmvRqTUMChjJsLqfF5++1ywRdoAzxnczIi3VpfIkDoFxZ569AQPQA9R
RxGhM2QrlyzQYtAmnk6lnu5WzSNxSuesI9/Km5X+dBCAFegHMuhnwF+ti2D5WHhW
yzt6hz1Zk7tJe4UgURRQVSAHPwK1Xg9Jlp9jGB20AKAhgIFFvALMDoYXlAbYEfhf
s8m1u0UVdrNCW86JetfchlwSUNJOwFufTBrEnSrxLDr6qG9XWVCLO5xvIJUBjXx2
3AxCbsYtfZOFDMCBzYzVCWACJn9Nl/Q/59j8YzDiy3xTPTpUY4g5nyonWXyRuUrB
1tp4UCL9yQIRvhzHtp/NfecPdCCp8EkufAK3X2VOWmMUjwAT4VvxKck9fuxdixHo
FlU/U03e8vPT
=8WdB
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.118-2+deb10u1' into buster
Release linux (4.19.118-2+deb10u1).
2020-06-14 10:46:38 +02:00
0da00be7e6
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
...
Closes : #960493
2020-06-14 10:40:03 +02:00
6a8dd1c6b0
Merge branch 'buster-security' into buster-security-embargoed
2020-06-07 01:35:25 +01:00
da82e531d8
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
...
Closes : #960271
(cherry picked from commit a4fb2a7b76
2020-06-07 01:32:53 +01:00
22423990cd
Drop "KVM: VMX: Zero out *all* general purpose registers after VM-Exit"
...
This is not needed to fix CVE-2019-3016, and is addressing an issue
that's so far theoretical. It also needs a further fix to avoid
causing a more serious regression (depending on the compiler
behaviour).
2020-06-07 01:17:04 +01:00
ff5ad5a3d1
propagate_one(): mnt_set_mountpoint() needs mount_lock
...
A similar issue to CVE-2020-12114.
2020-06-07 00:46:11 +01:00
6e26711704
Add fixes for CVE-2019-3016
...
Cherry-pick 11 commits from the 4.19.118 including prerequisited to
adress CVE-2019-3016.
2020-06-06 10:35:47 +02:00
789f116fbc
mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
2020-06-05 12:34:34 +02:00
50bf5b3b3d
kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462)
2020-06-05 12:30:40 +02:00
Salvatore Bonaccorso
Aurelien Jarno
Ben Hutchings