From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:18162 "EHLO 1wt.eu"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751695AbbL0UuJ (ORCPT <rfc822;stable@vger.kernel.org>);
	Sun, 27 Dec 2015 15:50:09 -0500
Date: Sun, 27 Dec 2015 21:50:04 +0100
From: Willy Tarreau <w@1wt.eu>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: stable <stable@vger.kernel.org>
Subject: Re: Security fixes for 2.6.32-stable
Message-ID: <20151227205004.GA13078@1wt.eu>
References: <1451249142.25978.8.camel@decadent.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1451249142.25978.8.camel@decadent.org.uk>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

Hi Ben,

On Sun, Dec 27, 2015 at 08:45:42PM +0000, Ben Hutchings wrote:
> Willy, here are the security patches I've recently applied to Debian's
> 2.6.32 branch, aside from issues not yet fixed upstream.
> 
> These have already been released without reported regressions. The
> mapping to CVE IDs is:
> 
> � * isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
> � � (dependency of following fix)
> � * ppp, slip: Validate VJ compression slot parameters completely
> ����(CVE-2015-7799)
> � * RDS: fix race condition when sending a message on unbound socket
> ���
> �(CVE-2015-7990)
> � * unix: avoid use-after-free in ep_remove_wait_queue
> (CVE-2013-7446)
> � * ext4: Fix null dereference in ext4_fill_super()
> (CVE-2015-8324)

Just queued now, thank you!

Willy