Willy, here are the security patches I've recently applied to Debian's 2.6.32 branch, aside from issues not yet fixed upstream. These have already been released without reported regressions. The mapping to CVE IDs is: * isdn_ppp: Add checks for allocation failure in isdn_ppp_open() (dependency of following fix) * ppp, slip: Validate VJ compression slot parameters completely (CVE-2015-7799) * RDS: fix race condition when sending a message on unbound socket (CVE-2015-7990) * unix: avoid use-after-free in ep_remove_wait_queue (CVE-2013-7446) * ext4: Fix null dereference in ext4_fill_super() (CVE-2015-8324) Ben. -- Ben Hutchings Power corrupts. Absolute power is kind of neat. - John Lehman, Secretary of the US Navy 1981-1987
Attachment:
security-2.6.32.mbox
Description: application/mbox
Attachment:
signature.asc
Description: This is a digitally signed message part