Hi Ben, On Fri, Feb 05, 2016 at 05:45:24PM +0000, Ben Hutchings wrote: > Willy, here are some more security patches I've recently applied to > Debian's 2.6.32 branch. These are being released today in the final > security update for Debian 6.0 "squeeze". > > The mapping to CVE IDs is: > > * usb: serial: visor: fix crash on detecting device without > write_urbs (CVE-2015-7566) > * [media] usbvision fix overflow of interfaces array (CVE-2015-7833) > * [media] usbvision: fix crash on detecting device with invalid > configuration (CVE-2015-7833) > * sctp: Prevent soft lockup when sctp_accept() is called during a > timeout event (CVE-2015-8767) > * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723) > * x86/mm: Add barriers and document switch_mm()-vs-flush > synchronization (CVE-2016-2069) > * x86/mm: Improve switch_mm() barrier comments (no CVE, just > documenting previous fix) > > Several recently reported CVEs were not fixed in squeeze, but you might > want to try backporting the fixes yourself: > > CVE-2013-4312 (upstream commits: 712f4aad406b, 759c01142a5d) > CVE-2015-5307 (upstream commits: 54a20552e1ea) > CVE-2015-6526 (upstream commits: 9a5cbce421a2) > CVE-2015-8104 (upstream commits: cbdb967af3d5) Great, thank you very much for all this. I'll take a look at the commit IDs to see if the backports are easy and if they're testable. I'd rather not break the last version and let it rot that way :-) Best regards, willy -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html