Source-Changes-HG archive


[src/netbsd-6-1]: src/doc 1478-1489



details:   https://anonhg.NetBSD.org/src/rev/3e43fac8a235
branches:  netbsd-6-1
changeset: 776251:3e43fac8a235
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Aug 19 05:06:42 2017 +0000

description:
1478-1489

diffstat:

 doc/CHANGES-6.1.6 |  99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 98 insertions(+), 1 deletions(-)

diffs (110 lines):

diff -r 6cba14190441 -r 3e43fac8a235 doc/CHANGES-6.1.6
--- a/doc/CHANGES-6.1.6 Sat Aug 19 05:03:58 2017 +0000
+++ b/doc/CHANGES-6.1.6 Sat Aug 19 05:06:42 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.105 2017/08/18 15:10:01 snj Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.106 2017/08/19 05:06:42 snj Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -12436,3 +12436,100 @@
        dme_alloc_receive_buffer()
        [mrg, ticket #1477]
 
+sys/dev/ic/bwi.c                               1.32
+
+       wrong error checking in bwi_newbuf() can cause an mbuf to
+       declare an mbuf length that is too big
+       [mrg, ticket #1478]
+
+sys/compat/svr4/svr4_lwp.c                     1.20
+sys/compat/svr4/svr4_signal.c                  1.67
+sys/compat/svr4/svr4_stream.c                  1.89-1.91 via patch
+sys/compat/svr4_32/svr4_32_signal.c            1.29-1.30
+
+       Fix some of the multitudinous holes in svr4 streams.
+       Zero stack data before copyout.
+       Fix indexing of svr4 signals.
+       Attempt to get reference counting less bad.
+       Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds.
+       [mrg, ticket #1479]
+
+sys/dev/vnd.c                                  1.260, 1.262
+
+       int overflows / truncation issues in vndioctl can cause
+       memory corruption
+       [mrg, ticket #1480]
+
+sys/compat/ibcs2/ibcs2_exec_coff.c             1.27-1.29
+sys/compat/ibcs2/ibcs2_ioctl.c                 1.46
+sys/compat/ibcs2/ibcs2_stat.c                  1.49-1.50
+
+       Out of bound read and endless loop in exec_ibcs2_coff_prep_zmagic().
+       Infoleak in ibcs2_sys_ioctl.
+       Potenial use of expired pointers in ibcs2_sys_statfs()/
+       ibcs2_sys_statvfs()
+       [mrg, ticket #1481]
+
+sys/kern/vfs_getcwd.c                          1.52
+
+       out of bound read in getcwd_scandir()
+       [mrg, ticket #1482]
+
+sys/compat/common/vfs_syscalls_12.c            1.34
+sys/compat/common/vfs_syscalls_43.c            1.60
+sys/compat/ibcs2/ibcs2_misc.c                  1.114
+sys/compat/linux/common/linux_file64.c         1.59
+sys/compat/linux/common/linux_misc.c           1.239
+sys/compat/linux32/common/linux32_dirent.c     1.18
+sys/compat/osf1/osf1_file.c                    1.44
+sys/compat/sunos/sunos_misc.c                  1.171
+sys/compat/sunos32/sunos32_misc.c              1.78
+sys/compat/svr4/svr4_misc.c                    1.158
+sys/compat/svr4_32/svr4_32_misc.c              1.78
+
+       puffs userland can trigger panic in compat getdents
+       [mrg, ticket #1483]
+
+sys/kern/kern_ktrace.c                         1.171 via patch
+
+       infoleak in ktruser() if copyin fails.
+       [mrg, ticket #1484]
+
+sys/dev/ic/isp_netbsd.c                                1.89
+
+       unvalidated channel index in ISP_FC_GETDLIST case of
+       ispioctl() can cause out of bound read
+       [mrg, ticket #1485]
+
+sys/dev/ic/ciss.c                              1.37
+
+       out of bound read in ciss_ioctl_vol()
+       signedness bug in ciss_ioctl()
+       [mrg, ticket #1486]
+
+sys/netsmb/smb_dev.c                           1.50
+sys/netsmb/smb_subr.c                          1.38
+sys/netsmb/smb_subr.h                          1.22
+sys/netsmb/smb_usr.c                           1.17-1.19
+
+       - no length validation in smb_usr_vc2spec() can cause out
+         of bound read.
+       - signedness bug in smb_usr_t2request() can cause out of
+         bound read
+       [mrg, ticket #1487]
+
+sys/altq/altq_cbq.c                            1.31
+sys/altq/altq_hfsc.c                           1.27
+sys/altq/altq_jobs.c                           1.11
+sys/altq/altq_priq.c                           1.24
+sys/altq/altq_wfq.c                            1.22
+
+       infoleak in get_class_stats()
+       signedness bug in wfq_getstats()
+       [mrg, ticket #1488]
+
+sys/compat/linux/common/linux_time.c           1.38-1.39 via patch
+
+       missing cred check in linux_sys_settimeofday()
+       [mrg, ticket #1489]
+
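Review bot: In the ticket #1481 entry, "Potenial use of expired pointers in ibcs2_sys_statfs()/" misspells "Potential"; since this file is the release change list, correct it here. In the ticket #1479 entry, "Attempt to get reference counting less bad." does not say which object or function is affected or whether the problem is considered fixed; name it the way the neighbouring line "Check bounds in svr4_sys_putmsg." does. The entries also mix sentence case with trailing periods (#1479, #1484) and lowercase fragments without them (#1482, #1485, #1486); settling on one form would make the list easier to scan and search.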


