Source-Changes-HG archive
[src/netbsd-1-6]: src/doc Note all SA's and the pullups that tracked them
details: https://anonhg.NetBSD.org/src/rev/27abe9fa647d
branches: netbsd-1-6
changeset: 531060:27abe9fa647d
user: jmc <jmc%NetBSD.org@localhost>
date: Sun Jan 04 06:25:31 2004 +0000
description:
Note all SA's and the pullups that tracked them
diffstat:
doc/CHANGES-1.6.1 | 35 ++++++++++++++++++++---------------
doc/CHANGES-1.6.2 | 12 +++++++-----
2 files changed, 27 insertions(+), 20 deletions(-)
diffs (230 lines):
diff -r 68dae79327d1 -r 27abe9fa647d doc/CHANGES-1.6.1
--- a/doc/CHANGES-1.6.1 Sat Jan 03 15:57:16 2004 +0000
+++ b/doc/CHANGES-1.6.1 Sun Jan 04 06:25:31 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-1.6.1,v 1.1.2.134 2003/04/01 02:30:35 jmc Exp $
+# $NetBSD: CHANGES-1.6.1,v 1.1.2.135 2004/01/04 06:25:31 jmc Exp $
A complete list of changes from NetBSD 1.6 to NetBSD 1.6.1:
@@ -20,7 +20,7 @@
usr.bin/kf/Makefile 1.10
Don't build kf or kfd; there are security issues with
- Heimdal 0.4e, and we don't actually need them.
+ Heimdal 0.4e, and we don't actually need them. SA#2002-018
[joda, ticket #782]
sys/arch/vax/vsa/asc_vsbus.c 1.25
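Review bot: The tag added on the Heimdal line is written "SA#2002-018", which differs from the advisory name form these CHANGES files already use; the line removed in the kern_sysctl.c hunk of doc/CHANGES-1.6.2 spells it "NetBSD-SA2003-014". Using one form throughout, or documenting the "SA#" convention in the file header, would let a search for the advisory name find every pullup entry.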
@@ -137,7 +137,7 @@
games/rogue/rogue.h 1.13
games/rogue/save.c 1.8
- Fix buffer overflows.
+ Fix buffer overflows. SA#2002-021
[mrg, ticket #892]
sys/arch/arm/arm32/fault.c 1.23
@@ -166,7 +166,7 @@
gnu/dist/groff/src/preproc/pic/pic.y 1.2
- Avoid a possible buffer overflow.
+ Avoid a possible buffer overflow. SA#2002-022
[wiz, ticket #869]
sys/dev/pcmcia/if_xi.c 1.23
@@ -179,7 +179,7 @@
libexec/talkd/process.c 1.8 (via patch)
libexec/talkd/talkd.c 1.14
- Fix response buffer & string handling.
+ Fix response buffer & string handling. SA#2002-019
[itojun, ticket #846]
usr.sbin/lpr/lpd/lpd.c 1.43 (via patch)
@@ -198,7 +198,7 @@
More strict checking on command invocation.
Refer to http://www.sendmail.org/smrsh.adv.txt.
- Resolves PR#18516.
+ Resolves PR#18516. SA#2002-023
[itojun, ticket #898]
gnu/dist/toolchain/gdb/i386nbsd-nat.c 1.7
@@ -329,7 +329,7 @@
games/trek/getpar.c 1.10
- Avoid buffer overrun.
+ Avoid buffer overrun. SA#2002-025
[itojun, ticket #927]
sys/arch/macppc/stand/ofwboot/version 1.7
@@ -486,7 +486,7 @@
sys/netinet/ip_state.h 1.23
sys/netinet/ipl.h 1.14
- Upgrade IPFilter to 3.4.29.
+ Upgrade IPFilter to 3.4.29. SA#2002-024
NOTE: this requires a new kernel, reinstalled headers,
and a rebuilt /sbin/ipf. The headers and ipf(8)
@@ -501,7 +501,7 @@
libexec/ftpd/cmds.c 1.19
Turns out that our implementation of STAT wasn't RFC 959 compliant.
- This version is now RFC 959 compliant.
+ This version is now RFC 959 compliant. SA#2002-027
[itojun, ticket #942]
sys/ufs/mfs/mfs_vfsops.c 1.42
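Review bot: The libexec/ftpd/cmds.c entry is now tagged SA#2002-027, but its text describes only RFC 959 compliance of STAT and says nothing about the security impact. A short clause naming the problem the advisory covers would let a reader assess the entry without looking the advisory up.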
@@ -1071,7 +1071,7 @@
lib/libc/net/getnetnamadr.c 1.25
- Fix remote buffer overrun.
+ Fix remote buffer overrun. SA#2002-028
[itojun, ticket #986]
dist/bind/bin/named/db_defs.h 1.5
@@ -1087,6 +1087,7 @@
to fix recent vulnerabilities:
o BIND: Remote Execution of Code (BIND 4 & 8)
o BIND: Multiple Denial of Service (BIND 8 only)
+ SA#2002-029
[itojun, ticket #989]
lib/libc/net/getnetnamadr.c 1.26
@@ -3730,6 +3731,7 @@
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
+ SA#2003-001
[wiz, ticket #1179]
share/mk/bsd.own.mk 1.304-1.305
@@ -3769,6 +3771,7 @@
gnu/dist/sendmail/sendmail/sendmail.h 1.11
Apply patch from sendmail.org to handle a new header overflow bug.
+ SA#2003-002
[atatat, ticket #1190]
[Moved RC2 tag for these files]
@@ -3785,6 +3788,7 @@
lib/libz/gzio.c 1.14
Fix for potential buffer overflow in snprintf() (from OpenBSD)
+ SA#2003-004
[groo, ticket #1194]
lib/libz/gzio.c 1.15
@@ -3798,7 +3802,7 @@
usr.bin/file/softmagic.c 1.30-1.31 (hand patch)
usr.bin/file/readelf.c 1.17 (hand patch)
- Fixes possible buffer overflows.
+ Fixes possible buffer overflows. SA#2003-003
[pooka, ticket #1199]
[Moved RC2 tag for these 2 files]
@@ -3806,20 +3810,20 @@
crypto/dist/openssl/crypto/rsa/rsa_eay.c 1.2
crypto/dist/openssl/crypto/rsa/rsa_lib.c 1.2
- Enable RSA blinding by default.
+ Enable RSA blinding by default. SA#2003-005
[itojun, ticket #1221]
crypto/dist/openssl/ssl/s3_srvr.c 1.4
OpenSSL Security Advisory [19 March 2003]
- Klima-Pokorny-Rosa attack on RSA in SSL/TLS
+ Klima-Pokorny-Rosa attack on RSA in SSL/TLS. SA#2003-007
[itojun, ticket #1222]
include/rpc/xdr.h 1.20
lib/libc/rpc/xdr_mem.c 1.16
CERT Advisory CA-2003-10:
- Fix buffer overflow in Sun RPC implementation.
+ Fix buffer overflow in Sun RPC implementation. SA#2003-008
[david, ticket #1224]
include/heimdal/version.h 1.13 (via patch)
@@ -3832,7 +3836,7 @@
Fix Kerberos 4 procotocol problem mentioned in
[MIT krb5 Security Advisory 2003-004]/[heimdal-0.5.2 release notes]
- by disable support for it.
+ by disable support for it. SA#2003-006
[lha, ticket #1225]
sys/arch/vax/boot/boot/Makefile 1.31
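Review bot: The edited line still reads "by disable support for it."; since it is being touched anyway, "by disabling support for it." would fix the grammar. The unchanged line two above it has "procotocol", which could be corrected to "protocol" in the same pass.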
@@ -3869,6 +3873,7 @@
Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to data
that it receives from untrusted sources, which includes DNS.
+ SA#2003-009
[atatat, ticket #1237]
[Moved RC3 tag for these 3 files]
diff -r 68dae79327d1 -r 27abe9fa647d doc/CHANGES-1.6.2
--- a/doc/CHANGES-1.6.2 Sat Jan 03 15:57:16 2004 +0000
+++ b/doc/CHANGES-1.6.2 Sun Jan 04 06:25:31 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-1.6.2,v 1.1.2.254 2004/01/03 15:57:16 he Exp $
+# $NetBSD: CHANGES-1.6.2,v 1.1.2.255 2004/01/04 06:25:31 jmc Exp $
A complete list of changes from NetBSD 1.6.1 to NetBSD 1.6.2:
@@ -54,6 +54,7 @@
Keep pkthdr when prepending new mbuf in front of a given chain.
This keeps us from panic()ing in the interface output routine.
+ SA#2003-010
[is, ticket #1295]
sys/kern/init_main.c 1.215
@@ -1145,7 +1146,7 @@
lib/libc/gen/getcwd.c 1.29
- fix off-by-one error in realpath()
+ Fix off-by-one error in realpath(). SA#2003-011
[itojun, ticket #1394]
sys/dev/ic/dpt.c 1.38
@@ -1745,6 +1746,7 @@
Fix prescan() bug (potentially remotely exploitable), CAN-2003-0694.
Bump version number after parse8.359.2.8 patch has been applied.
+ SA#2003-016
[tron, ticket #1473]
crypto/dist/ssh/ssh-agent.c 1.23
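Review bot: The SA#2003-016 tag on the sendmail prescan() entry follows SA#2003-011 in the previous hunk, and the tags added to doc/CHANGES-1.6.2 in this patch are 2003-010, -011, -014, -016, -017 and -018, so nothing here marks 2003-012, -013 or -015 while the commit message says all SAs are noted. If those advisories have no pullup on netbsd-1-6 or were already marked, a line saying so in the commit message would make the claim checkable; otherwise the corresponding entries still need tags.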
@@ -2108,12 +2110,12 @@
invalid tags (CAN-2003-0543 and CAN-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
+ SA#2003-017
[christos, ticket #1492]
sys/kern/kern_sysctl.c 1.147
- make debug_sysctl() sysctl MIB check more strict. from smak.
- Attack similar to NetBSD-SA2003-014 can be mounted due to this flaw.
+ Make debug_sysctl() sysctl MIB check more strict. SA#2003-014
[itojun, ticket #1493]
sbin/route/route.8 1.36
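Review bot: In the sys/kern/kern_sysctl.c entry the replacement line drops two facts the old text carried: the credit "from smak." and the statement that the attack is similar to NetBSD-SA2003-014. With a bare "SA#2003-014" tag the entry now reads as the advisory's own fix rather than a follow-up for a similar flaw. Suggest keeping the credit and wording the reference to show the relationship, for example "Related to SA#2003-014", if that matches the advisory.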
@@ -3040,7 +3042,7 @@
dist/bind/bin/named/ns_resp.c 1.12
dist/bind/bin/nslookup/commands.l 1.5
- Sync with BIND 8.3.7.
+ Sync with BIND 8.3.7. SA#2003-018
[itojun, ticket #1568]
lib/libc/sys/intro.2 1.36