fai-kernels (1.9.1sarge9) oldstable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge7:
    * [ERRATA] 268_ext2_readdir-f_pos-fix-2.diff
      Fix regression caused by 258_ext2_readdir-f_pos-fix.diff which can
      cause lock ups on ext2 mounts.

 -- dann frazier <dannf@debian.org>  Tue,  4 Mar 2008 16:26:23 -0700

fai-kernels (1.9.1sarge8) oldstable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge6:
    * 239_mincore-hang.diff
      [SECURITY] Fix a potential deadlock in mincore
      See CVE-2006-4814
    * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
      Fix some regressions with respect to file types (e.g., symlinks)
      introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
    * 241_bluetooth-capi-size-checks.diff
      [SECURITY] Add additional length checks to avoid potential remote
      DoS attacks in the handling of CAPI messages in the bluetooth driver
      See CVE-2006-6106
    * 242_ext3-fsfuzz.diff
      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
      user with the ability to mount a corrupted ext3 filesystem
      See CVE-2006-6053
    * 243_ipv6_fl_socklist-no-share.diff
      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
      ipv6_fl_socklist between the listening socket and the socket created
      for connection.
      See CVE-2007-1592
    * 244_bluetooth-l2cap-hci-info-leaks.diff
      245_bluetooth-l2cap-hci-info-leaks-2.diff
      [SECURITY] Fix information leaks in setsockopt() implementations
      See CVE-2007-1353
    * 246_dn_fib-out-of-bounds.diff
      266_ipv4-fib_props-out-of-bounds.diff
      267_ipv4-fib_props-out-of-bounds-2.diff
      [SECURITY] Fix out of bounds condition in dn_fib_props[]
      See CVE-2007-2172
    * 247_reset-pdeathsig-on-suid.diff
      [SECURITY] Fix potential privilege escalation caused by improper
      clearing of the child process' pdeath signal.
      Thanks to Marcel Holtmann for the patch.
      See CVE-2007-3848
    * 248_random-reseed-sizeof-fix.diff
      [SECURITY] Fix a bug in the random driver reseeding code that reduces
      entropy by reseeding a smaller buffer size than expected
      See CVE-2007-4311
    * 249_openpromfs-signedness-bug.diff
      250_openpromfs-checks-1.diff
      251_openpromfs-checks-2.diff
      252_openpromfs-checks-3.diff
      [SECURITY] Fix a number of data checks in openprom code
      See CVE-2004-2731
    * 253_coredump-only-to-same-uid.diff
      [SECURITY] Fix an issue where core dumping over a file that
      already exists retains the ownership of the original file
      See CVE-2007-6206
    * 254_cramfs-check-block-length.diff
      [SECURITY] Add a sanity check of the block length in cramfs_readpage to
      avoid a potential oops condition
      See CVE-2006-5823
    * 255_pppoe-socket-release-mem-leak.diff
      [SECURITY] fix unprivileged memory leak when a PPPoE socket is released
      after connect but before PPPIOCGCHAN ioctl is called upon it
      See CVE-2007-2525
    * 256_i4l-isdn_ioctl-mem-overrun.diff
      [SECURITY] Fix potential isdn ioctl memory overrun
      See CVE-2007-6151
    * 257_isdn-net-overflow.diff
      [SECURITY] Fix potential overflows in the ISDN subsystem
      See CVE-2007-6063
    * 258_ext2_readdir-f_pos-fix.diff,
      259_ext2_readdir-infinite-loop.diff,
      260_ext2-skip-pages-past-num-blocks.diff
      [SECURITY] Add some sanity checking for a corrupted i_size in
      ext2_find_entry()
      See CVE-2006-6054
    * 261_listxattr-mem-corruption.diff
      [SECURITY] Fix userspace corruption vulnerability caused by
      incorrectly promoted return values in bad_inode_ops
      This patch changes the kernel ABI.
      See CVE-2006-5753
    * 262_aacraid-ioctl-perm-check.diff
      [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
      See CVE-2007-4308
    * 263_usb-pwc-disconnect-block.diff
      [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
      If userspace still has the device open, the driver would
      wait for the device to close, blocking the USB subsystem.
      See CVE-2007-5093
    * 264_mmap-VM_DONTEXPAND.diff
      [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
      a fault handler but do not bounds check the offset argument
      See CVE-2008-0007
    * 265_powerpc-chrp-null-deref.diff
      [SECURITY][powerpc] Fix NULL pointer dereference if get_property
      fails on the subarchitecture
      See CVE-2007-6694
  * Build against kernel-tree-2.6.8-17sarge1:
    * compat_sys_mount-NULL-data_page.dpatch
      [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
      See CVE-2006-7203
    * pppoe-socket-release-mem-leak.dpatch
      [SECURITY] fix unprivileged memory leak when a PPPoE socket is released
      after connect but before PPPIOCGCHAN ioctl is called upon it
      See CVE-2007-2525
    * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
      [SECURITY] Fix out of bounds condition in dn_fib_props[]
      See CVE-2007-2172
    * aacraid-ioctl-perm-check.dpatch
      [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
      See CVE-2007-4308
    * reset-pdeathsig-on-suid.dpatch
      [SECURITY] Fix potential privilege escalation caused by improper
      clearing of the child process' pdeath signal.
      See CVE-2007-3848
    * bluetooth-l2cap-hci-info-leaks.dpatch
      [SECURITY] Fix information leaks in setsockopt() implementations
      See CVE-2007-1353
    * coredump-only-to-same-uid.dpatch
      [SECURITY] Fix an issue where core dumping over a file that
      already exists retains the ownership of the original file
      See CVE-2007-6206
    * i4l-isdn_ioctl-mem-overrun.dpatch
      [SECURITY] Fix potential isdn ioctl memory overrun
      See CVE-2007-6151
    * cramfs-check-block-length.dpatch
      [SECURITY] Add a sanity check of the block length in cramfs_readpage to
      avoid a potential oops condition
      See CVE-2006-5823
    * ext2-skip-pages-past-num-blocks.dpatch
      [SECURITY] Add some sanity checking for a corrupted i_size in
      ext2_find_entry()
      See CVE-2006-6054
    * minixfs-printk-hang.dpatch
      [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
      filesystem that would otherwise cause a system to hang (printk storm)
      See CVE-2006-6058
    * isdn-net-overflow.dpatch
      [SECURITY] Fix potential overflows in the ISDN subsystem
      See CVE-2007-6063
    * prevent-stack-growth-into-hugetlb-region.dpatch
      [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
      into address space reserved for hugetlb pages.
      See CVE-2007-3739
    * cifs-honor-umask.dpatch
      [SECURITY] Make CIFS honor a process' umask
      See CVE-2007-3740
    * hugetlb-prio_tree-unit-fix.dpatch
      [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
      which could be used to trigger a BUG_ON() call in exit_mmap.
      See CVE-2007-4133
    * amd64-zero-extend-32bit-ptrace.dpatch
      [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
      See CVE-2007-4573
    * usb-pwc-disconnect-block.dpatch
      [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
      If userspace still has the device open, the driver would
      wait for the device to close, blocking the USB subsystem.
      See CVE-2007-5093
    * powerpc-chrp-null-deref.dpatch
      [SECURITY][powerpc] Fix NULL pointer dereference if get_property
      fails on the subarchitecture
      See CVE-2007-6694
    * random-bound-check-ordering.dpatch
      [SECURITY] Fix stack-based buffer overflow in the random number
      generator
      See CVE-2007-3105
    * mmap-VM_DONTEXPAND.dpatch
      [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
      a fault handler but do not bounds check the offset argument
      See CVE-2008-0007

 -- dann frazier <dannf@debian.org>  Wed, 20 Feb 2008 14:20:35 -0700

fai-kernels (1.9.1sarge7) oldstable; urgency=low

  * Build against kernel-tree-2.6.8-17

 -- dann frazier <dannf@debian.org>  Sat, 16 Jun 2007 07:05:53 -0600

fai-kernels (1.9.1sarge6) oldstable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.6.8-10sarge7:
    * [ERRATA] smbfs-honor-mount-opts-2.dpatch
      Fix some regressions with respect to file types (e.g., symlinks)
      introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
    * mincore_hang.dpatch
      [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
      Holtmann for the patch.
      See CVE-2006-4814
    * mincore-fixes.dpatch
      This patch includes a few fixes, necessary for mincore_hang.dpatch to
      apply cleanly.
    * dev_queue_xmit-error-path.dpatch
      [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
      local_bh_enable() calls. Patch from Vasily Averin.
      See CVE-2006-6535
    * dvb-core-handle-0-length-ule-sndu.dpatch
      [SECURITY] Avoid sending invalid ULE packets which may not be properly
      handled by the receiving side triggering a crash. This is a backport
      of the patch that went into 2.6.17.y. It would be better to fix the
      receiving end, but no patch for the era kernel has been developed yet.
      See CVE-2006-4623
    * bluetooth-capi-size-checks.dpatch
      [SECURITY] Add additional length checks to avoid potential remote
      DoS attacks in the handling of CAPI messages in the bluetooth driver
      See CVE-2006-6106
    * __find_get_block_slow-race.dpatch
      [SECURITY] Fix infinite loop in __find_get_block_slow that can
      be triggered by mounting and accessing a malicious iso9660 or NTFS
      filesystem
      See CVE-2006-5757, CVE-2006-6060
    * listxattr-mem-corruption.dpatch
      [SECURITY] Fix userspace corruption vulnerability caused by
      incorrectly promoted return values in bad_inode_ops
      This patch changes the kernel ABI.
      See CVE-2006-5753
    * aio-fix-nr_pages-init.dpatch
      [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
      avoid a race that can lead to a system crash
      See CVE-2006-5754
    * unmap_hugepage_area-check-null-pte.dpatch
      [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
      No kernel-image builds appear to compile this code, so this fix is only
      for users that compile their own kernels with the Debian source and
      enable/use huge pages.
      See CVE-2005-4811
    * ext3-fsfuzz.dpatch
      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
      user with the ability to mount a corrupted ext3 filesystem
      See CVE-2006-6053
    * hfs-no-root-inode.dpatch
      [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
      if no root inode is found. On an SELinux-enabled system, this can
      be used to trigger a local DoS. Debian does not enable SELinux by
      default.
      See CVE-2006-6056
    * ipv6_fl_socklist-no-share.dpatch
      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
      ipv6_fl_socklist between the listening socket and the socket created
      for connection.
      See CVE-2007-1592
    * core-dump-unreadable-PT_INTERP.dpatch
      [SECURITY] Fix a vulnerability that allows local users to read
      otherwise unreadable (but executable) files by triggering a core dump.
      See CVE-2007-0958
    * appletalk-length-mismatch.dpatch
      [SECURITY] Fix a remote DoS (crash) in appletalk
      Depends upon appletalk-endianness-annotations.dpatch
      See CVE-2007-1357

 -- dann frazier <dannf@debian.org>  Tue, 29 May 2007 18:09:51 -0600

fai-kernels (1.9.1sarge5) stable-security; urgency=low

  * NMU by the Security Team
  * Build against kernel-tree-2.4.27-10sarge5:
    * 233_ia64-sparc-cross-region-mappings.diff
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * 234_atm-clip-freed-skb-deref.diff
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * 235_ppc-alignment-exception-table-check.diff
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * 236_s390-uaccess-memleak.diff
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * 237_smbfs-honor-mount-opts.diff
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled (closes: #310982)
      See CVE-2006-5871
    * 238_ppc-hid0-dos.diff
      [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093
  * Build against kernel-tree-2.6.8-16sarge6:
    * perfmon-fd-refcnt.dpatch
      [SECURITY][ia64] Fix file descriptor leak in perfmonctl
      system call which could be used as a local denial of service attack
      by depleting the system of file descriptors
      See CVE-2006-3741
    * ia64-sparc-cross-region-mappings.dpatch
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * __block_prepare_write-recovery.dpatch
      [SECURITY] Fix an information leak in __block_prepare_write()
      See CVE-2006-4813
    * atm-clip-freed-skb-deref.dpatch
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * ip6_flowlabel-lockup.dpatch
      [SECURITY] Fix local DoS attack vector (lockups, oopses) in the
      sequence handling for /proc/net/ip6_flowlabel
      See CVE-2006-5619
    * ppc-alignment-exception-table-check.dpatch
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * s390-uaccess-memleak.dpatch
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * smbfs-honor-mount-opts.dpatch
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled
      See CVE-2006-5871
    * bridge-get_fdb_entries-overflow.dpatch
      Protect against possible overflow in get_fdb_entries
      See CVE-2006-5751

 -- dann frazier <dannf@debian.org>  Thu,  7 Dec 2006 10:11:45 -0700

fai-kernels (1.9.1sarge4) stable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.6.8-16sarge5:
    * [ERRATA] madvise_remove-restrict.dpatch
      [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.6.8 is not
      vulnerable to CVE-2006-1524, the madvise_remove issue.
      See CVE-2006-2071
    * fs-ext3-bad-nfs-handle.dpatch
      [SECURITY] James McKenzie discovered a Denial of Service vulnerability
      in the NFS driver. When exporting an ext3 file system over NFS, a remote
      attacker could exploit this to trigger a file system panic by sending
      a specially crafted UDP packet.
      See CVE-2006-3468
    * direct-io-write-mem-leak.dpatch
      [SECURITY] Fix memory leak in O_DIRECT write.
      See CVE-2004-2660
    * nfs-handle-long-symlinks.dpatch
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * cdrom-bad-cgc.buflen-assign.dpatch
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * usb-serial-ftdi_sio-dos.patch
      [SECURITY] fix userspace DoS in ftdi_sio driver
      See CVE-2006-2936
    * selinux-tracer-SID-fix.dpatch
      [SECURITY] Fix vulnerability in selinux_ptrace that prevents local
      users from changing the tracer SID to the SID of another process
      See CVE-2006-1052
    * netfilter-SO_ORIGINAL_DST-leak.dpatch
      [SECURITY] Fix information leak in SO_ORIGINAL_DST
      See CVE-2006-1343
    * sg-no-mmap-VM_IO.dpatch
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * exit-bogus-bugon.dpatch
      [SECURITY] Remove bogus BUG() in exit.c which could be maliciously
      triggered by a local user
      See CVE-2006-1855
    * readv-writev-missing-lsm-check.dpatch,
      readv-writev-missing-lsm-check-compat.dpatch
      [SECURITY] Add missing file_permission callback in readv/writev syscalls
      See CVE-2006-1856
    * snmp-nat-mem-corruption-fix.dpatch
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * kfree_skb-race.dpatch
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * hppa-mb-extraneous-semicolon.dpatch,
      sparc32-mb-extraneous-semicolons.dpatch,
      sparc64-mb-extraneous-semicolons.dpatch:
      Fix a syntax error caused by extraneous semicolons in smp_mb() macros
      which resulted in a build failure with kfree_skb-race.dpatch
    * sctp-priv-elevation.dpatch
      [SECURITY] Fix SCTP privilege escalation
      See CVE-2006-3745
    * sctp-priv-elevation-2.dpatch
      [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch
      See CVE-2006-4535
    * ppc-hid0-dos.dpatch
      [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093
    * udf-deadlock.dpatch
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
  * Build against kernel-tree-2.4.27-10sarge4
    * [ERRATA] 213_madvise_remove-restrict.diff
      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.4.27 is not
      vulnerable to CVE-2006-1524, the madvise_remove issue.
      See CVE-2006-2071
    * 223_nfs-handle-long-symlinks.diff
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * 224_cdrom-bad-cgc.buflen-assign.diff
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * 225_sg-no-mmap-VM_IO.diff
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * 226_snmp-nat-mem-corruption-fix.diff
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * 227_kfree_skb.diff
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * 228_sparc-mb-extraneous-semicolons.diff
      Fix a syntax error caused by extraneous semicolons in smp_mb() macros
      which resulted in a build failure with 227_kfree_skb.diff
    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
      [SECURITY] Fix SCTP privilege escalation
      See CVE-2006-3745
    * 231_udf-deadlock.diff
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
    * 232_sparc-membar-extraneous-semicolons.diff
      Fix an additional syntax error caused by extraneous semicolons
      in membar macros on sparc

 -- dann frazier <dannf@debian.org>  Thu, 14 Sep 2006 23:49:06 -0600

fai-kernels (1.9.1sarge3) stable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.6.8-16sarge4
    * proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
      [SECURITY] Fix local root vulnerability caused by a race in proc
      See CVE-2006-3626

 -- dann frazier <dannf@debian.org>  Mon, 17 Jul 2006 18:48:10 -0600

fai-kernels (1.9.1sarge2) stable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.4.27-10sarge3:
    * 207_smbfs-chroot-escape.diff
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * 208_ia64-die_if_kernel-returns.diff
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * 209_sctp-discard-unexpected-in-closed.diff
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * 210_ipv4-id-no-increment.diff
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * 211_usb-gadget-rndis-bufoverflow.diff
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation
      that allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * 212_ipv4-sin_zero_clear.diff
      [SECURITY] Fix local information leak in af_inet code
      See CVE-2006-1343
    * 213_madvise_remove-restrict.diff
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * 214_mcast-ip-route-null-deref.diff
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * 215_sctp-fragment-recurse.diff
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * 216_sctp-fragmented-receive-fix.diff
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * 217_amd64-fp-reg-leak.diff
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * 218_do_add_counters-race.diff
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * 219_sctp-hb-ack-overflow.diff
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * 220_sctp-param-bound-checks.diff
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858
    * 221_netfilter-do_replace-overflow.diff
      [SECURITY] Fix buffer overflow in netfilter do_replace which could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * 222_binfmt-bad-elf-entry-address.diff
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741
  * Build against kernel-tree-2.6.8-16sarge3:
    * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch
      [SECURITY] Fix potential DoS (panic) caused by inconsistent reference
      counting in network protocol modules.
      See CVE-2005-3359
    * netfilter-do_replace-overflow.dpatch
      [SECURITY] Fix buffer overflow in netfilter do_replace which could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * sys_mbind-sanity-checking.dpatch
      [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
      get_nodes() to prevent a local DoS vulnerability.
      See CVE-2006-0557
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * perfmon-exit-race.dpatch
      [SECURITY][ia64] Fix local denial of service vulnerability (oops) in
      the ia64 perfmon subsystem
      See CVE-2006-0558
    * ia64-die_if_kernel-returns.dpatch
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1863
    * binfmt-bad-elf-entry-address.dpatch
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741
    * em64t-uncanonical-return-addr.dpatch
      [SECURITY][amd64] Fix local DoS vulnerability on em64t systems that
      arises when returning program control using SYSRET
      See CVE-2006-0744
    * sctp-discard-unexpected-in-closed.dpatch
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * ipv4-id-no-increment.dpatch
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * usb-gadget-rndis-bufoverflow.dpatch
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
      allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * group_complete_signal-BUG_ON.dpatch
      [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
      See CVE-2006-1523
    * madvise_remove-restrict.dpatch
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * mcast-ip-route-null-deref.dpatch
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * sctp-fragment-recurse.dpatch
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * sctp-fragmented-receive-fix.dpatch
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * do_add_counters-race.dpatch
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * s390-strnlen_user-return.dpatch
      [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
      returning a value that is too large
      See CVE-2006-0456
    * xfs-ftruncate-leak.dpatch
      [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
      permit local users to view sensitive information
      See CVE-2006-0554
    * nfs-another-O_DIRECT-fix.dpatch
      [SECURITY] Fix a potential local DoS vulnerability in the NFS O_DIRECT
      code
      See CVE-2006-0555
    * sctp-hb-ack-overflow.dpatch
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * sctp-param-bound-checks.dpatch
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858

 -- dann frazier <dannf@debian.org>  Sat, 10 Jun 2006 12:12:24 -0600

fai-kernels (1.9.1sarge1) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against kernel-tree-2.6.8-16sarge2 and kernel-tree-2.4.27-10sarge2
  * Don't export PATCH_THE_KERNEL=Yes - the kernel-source is already patched
  * Add build-dep on module-init-tools

 -- dann frazier <dannf@debian.org>  Mon, 27 Feb 2006 20:32:09 -0700

fai-kernels (1.9.1) unstable; urgency=high

  * recompile with new kernel sources
  * use kernel-tree-2.6.8-16 and kernel-tree-2.4.27-10

 -- Thomas Lange <lange@debian.org>  Tue, 31 May 2005 14:33:16 +0200

fai-kernels (1.9) unstable; urgency=high

  * provide kernel patchlevel in Build-depends to more easily track security
    issues (closes: #297811)
  * build-depends on kernel-tree packages with abi version number
  * added README.security-updates, README.non-i386
  * prepare the rules files to support powerpc
  * added powerpc-kernel-configs
  * rules: set PATCH_THE_KERNEL=YES, so kernel-sources will be patched

 -- Thomas Lange <lange@debian.org>  Fri,  8 Apr 2005 16:05:45 +0200

fai-kernels (1.8.2) unstable; urgency=low

  * add SATA support for 2.4 kernel (closes: 286854)
  * add IA32_EMULATION (only useful on x86-64)
  * disable math emulation to make kernel fit on a floppy (for 2.6 kernel)
  * ps2 mouse and serial mouse as module, disable autofs support (2.6 kernel)
  * rules: include file versions which sets the variables kversion and
    kversion24
  * disable HAMACHI and ARCNET in both kernel configs
  * enable options which are needed for fai bootcd kernel
  * use gcc 3.3.5 for compilation
  
 -- Thomas Lange <lange@debian.org>  Fri,  7 Jan 2005 11:58:37 +0100

fai-kernels (1.8.1) unstable; urgency=low

  * add POSIX ACL support for 2.4 kernel (closes: #279871)
  * add ReiserFS ACL support for 2.6 kernel

 -- Thomas Lange <lange@debian.org>  Tue,  9 Nov 2004 11:23:32 +0100

fai-kernels (1.8) unstable; urgency=medium

  * use kernel 2.4.27 and 2.6.8 (closes: #271244)
  * disable coda fs
  * added xfs for 2.4 kernel
  * added some network drivers
  * copy kernel config for 2.6 kernel to doc directory

 -- Thomas Lange <lange@debian.org>  Mon, 13 Sep 2004 11:20:35 +0200

fai-kernels (1.7.1) unstable; urgency=low

  * add Promise IDE drivers
  * add SATA drivers to 2.6 kernel

 -- Thomas Lange <lange@debian.org>  Tue,  3 Aug 2004 21:14:22 +0200

fai-kernels (1.7) unstable; urgency=low

  * use 2.4.26 kernel
  * add config for 2.6.7 kernel
  * add aic79xx scsi driver (closes: #241278)
  * control: reformat extended description

 -- Thomas Lange <lange@debian.org>  Thu, 22 Jul 2004 13:49:50 +0200

fai-kernels (1.6) unstable; urgency=low

  * use 2.4.24 kernel
  * rules: add --append-to-version, copy kernel config to doc directory,
    move value of DH_COMPAT in rules to new compat file
  * fai-kernel-config-2.4: add 3Com typhoon drivers, remove some PCMCIA
    drivers, enable highmem support
  * file kernel-version removed, set version in debian/rules
  
 -- Thomas Lange <lange@debian.org>  Tue,  3 Feb 2004 15:47:46 +0100

fai-kernels (1.5.3) unstable; urgency=low

  * add dependency on modutils (closes: #190895)

 -- Thomas Lange <lange@debian.org>  Tue, 29 Apr 2003 15:59:15 +0200

fai-kernels (1.5.2) unstable; urgency=high

  * kernel configuration now built with make oldconfig instead of
    make menuconfig (closes: #188633)
  * dependency on libncurses5-dev is not needed any more
  * add NEWS file
  
 -- Thomas Lange <lange@debian.org>  Wed, 23 Apr 2003 14:46:58 +0200

fai-kernels (1.5.1) unstable; urgency=low

  * add more network drivers for gigabit cards
  * README: list some network card drivers and their size, if someone needs
    more space on the boot floppy

 -- Thomas Lange <lange@debian.org>  Mon,  7 Apr 2003 11:08:09 +0200

fai-kernels (1.5) unstable; urgency=low

  * use 2.4.20 kernel
  * debian/rules: build target only builds kernel version 2.4.x
  * debian/control: remove dependency on kernel-source-2.2.20
  * remove frame buffer support (and the penguin logo)
  * SCSI and IDE drivers are only available as modules
  * build target does not need root privileges (closes: #167102)
  * add build dependencies in control file
  * use new Intel NIC drivers, add tulip NIC driver
  * remove NFS server and quota support
  * ext2, loop, floppy now as modules
  * use even more kernel modules to reduce the size of the kernel image
  * disable FDDI drivers
  
 -- Thomas Lange <lange@debian.org>  Thu,  6 Feb 2003 15:53:45 +0100

fai-kernels (1.4) unstable; urgency=medium

  * remove setting of DEB_HOST_ARCH in rules file (closes: #146107)
  * add build-depends on bin86
  * merge the two 2.2.20 kernels to one that supports both BOOTP and DHCP
  * override obsolete 1.3 version of this package, but add 2.4 kernel support

 -- Thomas Lange <lange@debian.org>  Thu, 16 May 2002 14:30:34 +0200

fai-kernels (1.3) unstable; urgency=low

  * add README to the Debian package
  * add info how to compile a 2.4.X kernel
  * new kernel-config-2.4 file
  * kernel 2.4.18 included in package
  
 -- Thomas Lange <lange@debian.org>  Wed,  8 May 2002 12:58:16 +0200

fai-kernels (1.2) unstable; urgency=low

  * update for kernel 2.2.20

 -- Thomas Lange <lange@debian.org>  Thu, 11 Apr 2002 11:45:47 +0200

fai-kernels (1.1.5) unstable; urgency=low

  * package depends on kernel-source-2.2.19 (closes: #133584)
  * use RTL8139TOO ethernet driver instead of RTL8139
  * added via-rhine ethernet driver
  
 -- Thomas Lange <lange@debian.org>  Mon, 18 Feb 2002 14:59:55 +0100

fai-kernels (1.1.4) unstable; urgency=low

  * add build-depends (closes: #123716)
  * don't use option I with tar, instead use a pipe and bzcat
  * Standards update to 3.5.6

 -- Thomas Lange <lange@debian.org>  Wed,  2 Jan 2002 15:08:13 +0100

fai-kernels (1.1.3) unstable; urgency=low

  * added driver for Promise IDE controller (needs kernel boot parameter)

 -- Thomas Lange <lange@debian.org>  Fri, 16 Nov 2001 13:48:46 +0100

fai-kernels (1.1.2) unstable; urgency=low

  * kernel configuration slightly changed
  * added serial console support

 -- Thomas Lange <lange@debian.org>  Thu,  4 Oct 2001 13:01:46 +0200

fai-kernels (1.1.1) unstable; urgency=low

  * Build-Depends to kernel-source without version number (closes:
    #102040, #98117)

 -- Thomas Lange <lange@debian.org>  Mon, 23 Jul 2001 11:19:59 +0200

fai-kernels (1.1) unstable; urgency=low

  * first upload to Debian archive
  * Support for kernel 2.2.19
  * enhanced documentation
  
 -- Thomas Lange <lange@debian.org>  Tue,  8 May 2001 16:22:46 +0200

fai-kernels (1.0) unstable; urgency=low

  * Initial Release.

 -- Thomas Lange <lange@debian.org>  Wed, 29 Nov 2000 17:25:29 +0100


