kernel-image-speakup-i386 (2.4.27-1.1sarge4) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge5:
    * 233_ia64-sparc-cross-region-mappings.diff
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * 234_atm-clip-freed-skb-deref.diff
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * 235_ppc-alignment-exception-table-check.diff
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * 236_s390-uaccess-memleak.diff
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * 237_smbfs-honor-mount-opts.diff
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled (closes: #310982)
      See CVE-2006-5871
    * 238_ppc-hid0-dos.diff
      [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093

 -- dann frazier <dannf@debian.org>  Tue,  5 Dec 2006 09:42:09 -0700

kernel-image-speakup-i386 (2.4.27-1.1sarge3) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge4:
    * [ERRATA] 213_madvise_remove-restrict.diff
      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.4.27 is not
      vulnerable to CVE-2006-1524, the madvise_remove issue.
      See CVE-2006-2071
    * 223_nfs-handle-long-symlinks.diff
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * 224_cdrom-bad-cgc.buflen-assign.diff
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * 225_sg-no-mmap-VM_IO.diff
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * 226_snmp-nat-mem-corruption-fix.diff
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * 227_kfree_skb.diff
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * 228_sparc-mb-extraneous-semicolons.diff
      Fix a syntax error caused by extraneous semicolons in smp_mb() macros
      which resulted in a build failure with 227_kfree_skb.diff
    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
      [SECURITY] Fix SCTP privilege escalation
      See CVE-2006-3745
    * 231_udf-deadlock.diff
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
    * 232_sparc-membar-extraneous-semicolons.diff
      Fix an additional syntax error caused by extraneous semicolons
      in membar macros on sparc

 -- dann frazier <dannf@debian.org>  Wed, 13 Sep 2006 20:42:50 -0600

kernel-image-speakup-i386 (2.4.27-1.1sarge2) stable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.4.27-10sarge3:
    * 207_smbfs-chroot-escape.diff
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * 208_ia64-die_if_kernel-returns.diff
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * 209_sctp-discard-unexpected-in-closed.diff
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * 210_ipv4-id-no-increment.diff
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * 211_usb-gadget-rndis-bufoverflow.diff
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation
      that allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * 212_ipv4-sin_zero_clear.diff
      [SECURITY] Fix local information leak in af_inet code
      See CVE-2006-1343
    * 213_madvise_remove-restrict.diff
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * 214_mcast-ip-route-null-deref.diff
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * 215_sctp-fragment-recurse.diff
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * 216_sctp-fragmented-receive-fix.diff
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * 217_amd64-fp-reg-leak.diff
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * 218_do_add_counters-race.diff
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * 219_sctp-hb-ack-overflow.diff
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * 220_sctp-param-bound-checks.diff
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858
    * 221_netfilter-do_replace-overflow.diff
      [SECURITY] Fix buffer overflow in netfilter do_replace which could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * 222_binfmt-bad-elf-entry-address.diff
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741

 -- dann frazier <dannf@debian.org>  Sat, 10 Jun 2006 12:17:49 -0600

kernel-image-speakup-i386 (2.4.27-1.1sarge1) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against kernel-tree-2.4.27-10sarge2

 -- dann frazier <dannf@debian.org>  Mon, 27 Feb 2006 23:02:51 -0700

kernel-image-speakup-i386 (2.4.27-1.1) unstable; urgency=HIGH

  * NMU
  * Rebuilt with version -8 of the kernel source package to fix numerous
    security holes, including CAN-2005-0001 and CAN-2004-1235.
    Closes: #295624
  * Warning! The security fixes introduced an ABI change in the kernel module
    interface. Kernel modules built for previous versions of this package will
    not work with the new one, nor will the new kernel's modules work with older
    versions of the -speakup kernel. Please take appropriate care when
    upgrading.

 -- Joey Hess <joeyh@debian.org>  Fri, 25 Feb 2005 15:27:22 -0500

kernel-image-speakup-i386 (2.4.27-1) unstable; urgency=low

  * New kernel minor version (closes: #266900)
  * Update config/speakup according to config/386 from
    kernel-image-2.4.27-i386.

 -- Mario Lang <mlang@debian.org>  Thu, 19 Aug 2004 21:41:11 +0200

kernel-image-speakup-i386 (2.4.26-1) unstable; urgency=low

  * New kernel minor version.
  * Adjust Build-Depends since we need a new speakup-cvs.

 -- Mario Lang <mlang@debian.org>  Thu,  6 May 2004 21:26:59 +0200

kernel-image-speakup-i386 (2.4.24-1) unstable; urgency=low

  * New kernel minor version.

 -- Mario Lang <mlang@debian.org>  Thu,  8 Jan 2004 12:08:02 +0100

kernel-image-speakup-i386 (2.4.22-3) unstable; urgency=low

  * Build-depend on kernel-tree-2.4.22-5 to fix do_brk.

 -- Mario Lang <mlang@debian.org>  Sat,  6 Dec 2003 23:48:00 +0100

kernel-image-speakup-i386 (2.4.22-2) unstable; urgency=low

  * Reassume maintainership.
  * debian/control: Build-Depend on kernel-patch-speakup >= 20031115-1.
  * config/speakup:
    - CONFIG_DEVFS_FS=y for d-i.
    - Rename CONFIG_SPEAKUP_APOLO to CONFIG_SPEAKUP_APOLLO.
    - Set CONFIG_SPEAKUP_KEYPC=n for now, it doesn't compile.

 -- Mario Lang <mlang@debian.org>  Sat, 15 Nov 2003 18:39:57 +0100

kernel-image-speakup-i386 (2.4.22-1) unstable; urgency=medium

  * Build against kernel-tree-2.4.22-3.
  * Build using the newest speakup-cvs (20031012).

 -- Deedra Waters <dmwaters@linuxpowered.com>  Sat, 11 Oct 2003 19:25:51 +0200

kernel-image-speakup-i386 (2.4.20-3) unstable; urgency=low

  * New maintainer
  * added -initrd to the make-kpkg call (Closes: #189177)
  * removed support for the doubletalk driver in the kernel
  * added util-linux to the build depends
    (Closes: #191378)
  * built the package against kernel-source-2.4.20-7 and updated the build
    depends

 -- Deedra Waters <dmwaters@linuxpowered.com>  Fri, 30 May 2003 15:40:42 -0400

kernel-image-speakup-i386 (2.4.20-2) unstable; urgency=low

  * Recompiled against kernel-source-2.4.20 2.4.20-6 to fix ptrace hole
    and also set build-depends on that version

 -- Mario Lang <mlang@debian.org>  Wed, 26 Mar 2003 12:00:08 +0100

kernel-image-speakup-i386 (2.4.20-1) unstable; urgency=low

  * Initial release (Closes: Bug#173984).

 -- Mario Lang <mlang@debian.org>  Sun,  5 Jan 2003 20:15:50 +0100
