kernel-image-2.4.18-1-i386 (2.4.18-13.2) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Rebuilt against kernel-source 2.4.18-14.4.
    * Applied patch from John Byrne <john.l.byrne@hp.com> for Linux 2.4.26
      to fix local denial of service in do_fork()
      <http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2>
      [kernel/fork.c, CAN-2004-0427]
    * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
      potential memory access to free memory in /proc handling
      [fs/proc/base.c, CAN-2005-0489]
    * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
      a possible buffer overflow in panic() [kernel/panic.c, CAN-2004-0394]
    * Applied patch by David Mosberger <davidm@napali.hpl.hp.com> to fix
      local denial of service in combination with gdb 6.x and NPTL on IA-64
      <http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2>
      [arch/ia64/kernel/unwind.c, CAN-2004-0447]
    * Applied patch by Alexander Nyberg and Andi/Sergey to fix local denial
      of service.  <http://linuxreviews.org/news/2004-06-11_kernel_crash/>
      [include/asm-i386/i387.h, CAN-2004-0554]
    * Applied patch by Arun Sharma <arun.sharma@intel.com> to fix register
      information leak on the IA64 architecture
      <http://lia64.bkbits.net:8080/to-linus-2.5/cset@1.1726.29.7>
      [include/asm-ia64/system.h, CAN-2004-0565]
    * Backported patch by Mark Cox to fix information leak by initialising
      allocated data structures [drivers/usb/serial/io_edgeport.c,
      drivers/sound/audio.c, drivers/usb/vicam.c, CAN-2004-0685]
      <http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw>
    * Applied patch from Marcelo Tosatti to fix i386 SMP page fault handler
      privilege escalation [include/linux/mm.h, CAN-2005-0001]
    * Applied patch by Stefan Esser to fix missing boundary checks
      [fs/smbfs/proc.c, fs/smbfs/sock.c, CAN-2004-0883]
    * Applied patch by Stefan Esser to fix information leak
      [fs/smbfs/sock.c, CAN-2004-0949]
    * Applied patch by Herbert Xu to fix a denial of service in scm_send()
      <http://linux.bkbits.net:8080/linux-2.4/cset@41b76e94BsJKm8jhVtyDat9ZM1dXXg>,
      added patch by Marcus Meissner to fix more 64/32 bit compatibility
      code, added additional patch by Olaf Kirch and Marcus Meissner for
      type correction [arch/ia64/ia32/sys_ia32.c,
      arch/s390x/kernel/linux32.c, include/linux/socket.h, net/core/scm.c,
      net/ipv4/ip_sockglue.c, net/ipv6/datagram.c, CAN-2004-1016]
    * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS
      ptrace implementation [arch/mips/kernel/scall_o32.S,
      arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S,
      arch/mips64/kernel/scall_o32.S, CAN-2004-0997]
    * Applied patch by Marcelo Tosatti to fix integer overflow in the
      vc_resize() function [drivers/char/console.c, CAN-2004-1333]
    * Applied patch by Dave Miller to fix memory leak in ip_options_get()
      [net/ipv4/ip_options.c, CAN-2004-1335]
    * Applied patch by Greg Kroah-Hartman to fix buffer overflow and crash
      [drivers/usb/serial/io_edgeport.c, CAN-2004-1017]
    * Applied patch by Jan Harkes to fix to add bounds checking for tainted
      scalars [include/linux/coda.h, fs/coda/upcall.c, CAN-2005-0124]
    * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
      escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
    * Applied patch by Tom Rini to fix information leak
      [drivers/char/efirtc.c, drivers/char/rtc.c, drivers/macintosh/rtc.c,
      drivers/sbus/char/rtc.c, CAN-2003-0984]
    * Applied patch by Chris Wright to fix wrong return value check while
      filling kernel buffers [fs/binfmt_elf.c, CAN-2004-1070]
    * Applied patch by Chris Wright to fix incorrect error behaviour when
      mmap() fails [fs/binfmt_elf.c, CAN-2004-1071]
    * Applied patch by Chris Wright to fix NULL termination vulnerability
      when reading an interpreter [fs/binfmt_elf.c, CAN-2004-1072]
    * Applied patch by Chris Wright to fix reading of non-readable ELF
      binaries [fs/binfmt_elf.c, CAN-2004-1073]
    * Applied patch by Chris Wright to not insert overlapping regions in
      setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074]
    * Applied patch by Chris Wright to fix error handling in do_brk() when
      setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074]
    * Applied patch by Chris Wright to denial of service in the ELF loader
      when the interpreter architecture doesn't match the current one
      <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
      [fs/binfmt_elf.c, CAN-2004-0138]
    * Applied patch by Dave Miller to serialize dgram read using semaphore
      [net/unix/af_unix.c, CAN-2004-1068]
    * Applied patch by Chris Wright to fix denial of service in the ELF loader
      <http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ>
      [fs/binfmt_elf.c, CAN-2004-1234]
    * Backported patch by Nanhai Zou from 2.6 to fix denial of service via
      broken executables [arch/ia64/ia32/binfmt_elf32.c,
      arch/ia64/mm/init.c, fs/exec.c, include/linux/mm.h, mm/mmap.c,
      CAN-2005-0003]
    * Backported patch by Chris Wright and Simon Heywood to fix a race
      conditions in the uselib calls for ELF and a.out formats
      [arch/mips/kernel/irixelf.c, arch/sparc64/kernel/binfmt_aout32.c,
      fs/binfmt_aout.c, fs/binfmt_elf.c, CAN-2004-1235]
    * Applied patch by Brad Spengler to fix integer overflow in the moxa
      serial driver [drivers/char/moxa.c, CAN-2005-0504]
    * Applied patch by Ben Martel and Stephen Blackheath to fix a remote
      denial of service [drivers/net/ppp_async.c, CAN-2005-0384]
    * Backported patch by Keith Owens to fix a locally induced crash on
      IA-64 machines [arch/ia64/kernel/unwind.c, CAN-2005-0135]
    * Export __cpu_logical_map on alpha to fix a FTBFS bug.

 -- dann frazier <dannf@debian.org>  Sun, 11 Dec 2005 21:29:11 -0700

kernel-image-2.4.18-1-i386 (2.4.18-13.1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Rebuilt in order to get back modules which got lost in 2.4.18-13

 -- Martin Schulze <joey@infodrom.org>  Wed, 14 Apr 2004 19:09:56 +0200

kernel-image-2.4.18-1-i386 (2.4.18-13) stable-security; urgency=high

  * Rebuilt against kernel-source 2.4.18-14.3.
    . Applied patch by Petr Vandrovec <vandrove@vc.cvut.cz> to fix a
      possible roothole in ncpfs discovered by Arjan van de Ven
      <arjanv@devserv.devel.redhat.com> [fs/ncpfs/dir.c, CAN-2004-0010]
    . Applied patch by Sebastian Krahmer <krahmer@suse.de> and Ernie
      Petrides <petrides@redhat.com> to fix a local root exploit in iso9660
      [fs/isofs/rock.c, CAN-2004-0109]
    . Applied patch by Alan Cox and Thomas Biege to fix local root exploit
      in the R128 DRI code [drivers/char/drm/r128_state.c, CAN-2004-0003,
      drivers/char/drm-4.0/r128_state.c]
    . Applied additional patch by Ernie Petrides <petrides@redhat.com> to
      fix another intance of the same
    . Applied patch by Theodore Ts'o <tytso@mit.edu> to fix an information
      leak in ext3 journal creation [fs/jbd/journal.c, CAN-2004-0177]
    . Applied patch by Andreas Kies <andikies@t-online.de> to fix local
      denial of service in the Sound Blaster driver
      [drivers/sound/sb_audio.c, CAN-2004-0178]

 -- Herbert Xu <herbert@debian.org>  Sat, 10 Apr 2004 10:21:21 +1000

kernel-image-2.4.18-1-i386 (2.4.18-12.2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Built against kernel-source-2.4.18-2.4.18-14.2 which includes a patch
    extracted from Solar Designer's Owl patched kernel to fix local
    privilege escalation discovered by Paul Starzetz (CAN-2004-0077)

  -- Martin Schulze <joey@infodrom.org>  Sat, 31 Jan 2004 17:41:20 +0100

kernel-image-2.4.18-1-i386 (2.4.18-12.1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Built against kernel kernel-source-2.4.18-2.4.18-14.1
    - Applied patch by Andrea Arcangeli to fix local privilege escalation
      discovered by Paul Starzetz (CAN-2003-0985)

 -- Martin Schulze <joey@infodrom.org>  Mon,  5 Jan 2004 16:37:09 +0100

kernel-image-2.4.18-1-i386 (2.4.18-12) stable-security; urgency=high

  * Rebuilt against kernel-source 2.4.18-14.
    . Added TASK_SIZE check to do_brk in mm/mmap.c.

 -- Herbert Xu <herbert@debian.org>  Sat, 29 Nov 2003 10:11:02 +1100

kernel-image-2.4.18-1-i386 (2.4.18-11) stable-security; urgency=high

  * Rebuilt against kernel-source 2.4.18-13.
    . Fixed steal_locks race introduced in 2.4.18-10.

 -- Herbert Xu <herbert@debian.org>  Sun, 10 Aug 2003 09:06:37 +1000

kernel-image-2.4.18-1-i386 (2.4.18-10) stable-security; urgency=high

  * Rebuilt against kernel-source 2.4.18-12 (closes: #203802).
    . Fixed is_dumpable crash in include/linux/sched.h.

 -- Herbert Xu <herbert@debian.org>  Sat,  2 Aug 2003 09:18:34 +1000

kernel-image-2.4.18-1-i386 (2.4.18-9) stable-security; urgency=high

  * Rebuilt against kernel-source 2.4.18-10.
    . Made /proc/tty/driver root-only (CAN-2003-0461).
    . Fixed exec file handling semantics (CAN-2003-0462, CAN-2003-0476).
    . Fixed sunrpc UDP reuse bug in net/sunrpc/svcsock.c (CAN-2003-0464).
    . Fixed unchecked copy_to_user in fs/proc/proc_misc.c.
    . Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).
    . Fixed bridging security issues (CAN-2003-055[012]).
    . Fixed boundary check in net/core/filter.c.

 -- Herbert Xu <herbert@debian.org>  Sat, 26 Jul 2003 14:39:21 +1000

kernel-image-2.4.18-1-i386 (2.4.18-8) stable; urgency=low

  * Rebuilt against kernel-source 2.4.18-9.
    . Fixed mxcsr security hole in arch/i386/kernel/i387.c.
    . Fixed TIOCCONS and writing to /dev/console.
    . Fixed hashing exploits in fragment processing.

 -- Herbert Xu <herbert@debian.org>  Fri,  6 Jun 2003 20:27:19 +1000

kernel-image-2.4.18-1-i386 (2.4.18-7) stable; urgency=low

  * Rebuilt against kernel-source 2.4.18-8.
   . Fixed TSS I/O bitmap initialisation in arch/i386/kernel/ioport.c.
   . Fixed hashing exploits in network stack (David S. Miller).
  * Changed modules ABI.
  * Removed udebs.

 -- Herbert Xu <herbert@debian.org>  Sat, 17 May 2003 15:19:43 +1000

kernel-image-2.4.18-i386 (2.4.18-6) stable; urgency=high

  * Fixed i386 lcall DoS (Petr Vandrovec).

 -- Herbert Xu <herbert@debian.org>  Mon, 18 Nov 2002 22:53:42 +1100

kernel-image-2.4.18-i386 (2.4.18-5) unstable; urgency=low

  * Built against kernel-source 2.4.18-5.
  * Added replaces header for kernel-pcmcia-modules (closes: #140719).
  * Enabled MTD devices (closes: #139316).

 -- Herbert Xu <herbert@debian.org>  Sun, 14 Apr 2002 10:06:38 +1000

kernel-image-2.4.18-i386 (2.4.18-4) unstable; urgency=high

  * Built against kernel-source 2.4.18-4.

 -- Herbert Xu <herbert@debian.org>  Wed, 20 Mar 2002 20:10:26 +1100

kernel-image-2.4.18-i386 (2.4.18-3) unstable; urgency=high

  * Build 4.1 DRM modules instead of 4.0 ones (closes: #138382).

 -- Herbert Xu <herbert@debian.org>  Fri, 15 Mar 2002 19:45:22 +1100

kernel-image-2.4.18-i386 (2.4.18-2) unstable; urgency=high

  * Built against kernel-source 2.4.18-3.
  * Added dependency on modutils-* to kernel-image-udeb (closes: #136743).
  * Per request from PCMCIA maintainer:
   . Moved PCMCIA modules back again.
   . Split PCMCIA modules into their own packages.

 -- Herbert Xu <herbert@debian.org>  Wed, 13 Mar 2002 21:34:25 +1100

kernel-image-2.4.18-i386 (2.4.18-1) unstable; urgency=low

  * New upstream release.
  * Built with kernel-package 7.80 (closes: #128665).
  * Added note about Pentium IV in -686* packages (closes: #134213).
  * Disabled ACORN_PARTITION_POWERTEC as it's too aggresive (closes: #129373).
  * Moved PCMCIA modules to kernel-pcmcia-$(version) (closes: #128662).

 -- Herbert Xu <herbert@debian.org>  Thu, 28 Feb 2002 21:52:37 +1100

kernel-image-2.4.17-i386 (2.4.17-1) unstable; urgency=low

  * New upstream release.
  * Removed 586 flavour due to lack of interest.
  * Fixed typos in control file (Alexey Mahotkin, Matt Zimmerman,
    closes: #124828).
  * Built with kernel-package 7.75 (closes: 121960).
  * Enabled ATM support (closes: #126130).

 -- Herbert Xu <herbert@debian.org>  Sat, 22 Dec 2001 16:03:32 +1100

kernel-image-2.4.16-i386 (2.4.16-1) unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Wed, 28 Nov 2001 07:44:56 +1100

kernel-image-2.4.15-i386 (2.4.15-1) unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Sat, 24 Nov 2001 18:51:38 +1100

kernel-image-2.4.14-i386 (2.4.14-1) unstable; urgency=low

  * New upstream release.
  * Reinstated k7 flavour.

 -- Herbert Xu <herbert@debian.org>  Fri,  9 Nov 2001 20:45:25 +1100

kernel-image-2.4.13-i386 (2.4.13-1) unstable; urgency=low

  * New upstream release.
  * Put nic-modules on a diet.
  * Added nic-modules-shared and nic-modules-extra.
  * Added plip-modules (closes: #116016).
  * Added support for capifs.
  * Increased versioned dependency on initrd-tools for new mkcramfs to work
    around tmpfs bug in 2.4.12.

 -- Herbert Xu <herbert@debian.org>  Sat, 27 Oct 2001 17:56:21 +1000

kernel-image-2.4.12-i386 (2.4.12-1) unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Sat, 13 Oct 2001 12:42:42 +1000

kernel-image-2.4.10-i386 (2.4.10-1) unstable; urgency=low

  * New upstream release.
  * Disabled ACORN_PARTITION_ADFS as it's too aggressive.
  * Disable ECN by default.  It's still compiled in though.
  * Added drivers to nic-modules per reqeust from Raphael Hertzog.

 -- Herbert Xu <herbert@debian.org>  Sat, 29 Sep 2001 17:46:10 +1000

kernel-image-2.4.9-i386 (2.4.9-1) unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Sat, 18 Aug 2001 22:16:41 +1000

kernel-image-2.4.8-i386 (2.4.8-1) unstable; urgency=low

  * New upstream release.
  * Added ide/cdrom/scsi udeb packages.

 -- Herbert Xu <herbert@debian.org>  Sun, 12 Aug 2001 09:36:26 +1000

kernel-image-2.4.7-i386 (2.4.7-1) unstable; urgency=low

  * New upstream release.
  * Recommend the k6 flavour for Duron/Athlon systems (closes: #103656).

 -- Herbert Xu <herbert@debian.org>  Sat, 21 Jul 2001 22:26:43 +1000

kernel-image-2.4.6-i386 (2.4.6-1) unstable; urgency=low

  * New upstream release.
  * Enabled USB_STORAGE_FREECOM (closes: #100674).

 -- Herbert Xu <herbert@debian.org>  Thu,  5 Jul 2001 20:04:24 +1000

kernel-image-2.4.5-i386 (2.4.5-1) unstable; urgency=low

  * New upstream release.
  * Built against new kernel-packages (closes: #93957, #98083).
  * Removed k7 flavour until it works consistently.
  * Integrated the di image (closes: #96220).

 -- Herbert Xu <herbert@debian.org>  Sun, 27 May 2001 14:24:39 +1000

kernel-image-2.4.4-i386 (2.4.4-1) unstable; urgency=low

  * New upstream release.
  * Removed pentium4 for cost/benefit reasons.  Either compile your own or
    use 686.

 -- Herbert Xu <herbert@debian.org>  Sun, 29 Apr 2001 10:53:41 +1000

kernel-image-2.4.3-i386 (2.4.3-2) unstable; urgency=low

  * Removed unnecessary pentiumiii/pentiumiii-smp flavours.
  * Built against kernel-source 2.4.3-4.
  * Built against modified kernel-package which generates correct lilo.conf for
    initrd.

 -- Herbert Xu <herbert@debian.org>  Sun, 22 Apr 2001 11:43:45 +1000

kernel-image-2.4.3-i386 (2.4.3-1) unstable; urgency=low

  * New upstream release.
  * Added versioned dependency on modutils for kernel-image packages
    (closes: #90906).
  * Built with modified kernel-package (closes: #91320, #91326).
  * Disabled CONFIG_VIDEO_ZORAN since it doesn't build with 2.4.3.
  * Exported proc_get_inode (ac patches, closes: #91325).

 -- Herbert Xu <herbert@debian.org>  Mon, 16 Apr 2001 08:39:36 +1000

kernel-image-2.4.2-i386 (2.4.2-1) unstable; urgency=low

  * New upstream release (closes: #83689).
  * Started using initrd (closes: #54292, #65559, #81474).
  * Added build-time dependency on modutils.

 -- Herbert Xu <herbert@debian.org>  Sun, 11 Mar 2001 15:12:53 +1100

kernel-image-2.4.0-test11-i386 (2.4.0-test11-1) unstable; urgency=low

  * New upstream release.
  * Only kernel-headers for now.

 -- Herbert Xu <herbert@debian.org>  Sun, 10 Dec 2000 08:22:07 +1100

kernel-image-2.2.18pre21-i386 (2.2.18pre21-1) stable unstable; urgency=low

  * New upstream release.
  * Build QLOGIC_FC as a module since we're over 1M again.

 -- Herbert Xu <herbert@debian.org>  Sat, 18 Nov 2000 14:50:54 +1100

kernel-image-2.2.17-i386 (1:2.2.17-1) stable unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Sat,  9 Sep 2000 12:25:28 +1100

kernel-image-2.2.17-i386 (2.2.17pre6-1) frozen unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Sun, 25 Jun 2000 09:17:30 +1000

kernel-image-2.2.16-i386 (2.2.16-1) frozen unstable; urgency=low

  * New upstream release (2.2.16).
  * DAC960 is now built as a module since 2.2.16 puts us over 1M again.

 -- Herbert Xu <herbert@debian.org>  Sun, 18 Jun 2000 15:50:07 +1000

kernel-image-2.2.15-i386 (1:2.2.15-2) frozen unstable; urgency=low

  * Rebuilt with kernel-source 2.2.15-3.

 -- Herbert Xu <herbert@debian.org>  Thu,  1 Jun 2000 10:13:30 +1000

kernel-image-2.2.15-i386 (1:2.2.15-1) frozen unstable; urgency=low

  * New upstream release (2.2.15-2).

 -- Herbert Xu <herbert@debian.org>  Sat, 13 May 2000 10:00:51 +1000

kernel-image-2.2.15-i386 (2.2.15pre20-1) frozen unstable; urgency=low

  * New upstream release.
  * The kernel version now includes the flavour.

 -- Herbert Xu <herbert@debian.org>  Tue, 25 Apr 2000 15:27:44 +1000

kernel-image-2.2.15-i386 (2.2.15pre19-1) frozen unstable; urgency=low

  * New upstream release.
  * Swapped AM53C974 and DC390T since the former seems to work better
    (closes: #56634).

 -- Herbert Xu <herbert@debian.org>  Fri, 21 Apr 2000 13:36:02 +1000

kernel-image-2.2.14-i386 (2.2.14-4) frozen unstable; urgency=low

  * Enabled CONFIG_NCPFS_NFS_NS and CONFIG_NCPFS_OS2_NS (closes: #61704).
  * Enabled IDESCSI.
  * kernel-image-*-ide is now built as a flavour.

 -- Herbert Xu <herbert@debian.org>  Sun, 16 Apr 2000 13:05:53 +1000

kernel-image-2.2.14-i386 (2.2.14-3) frozen unstable; urgency=low

  * Enabled IP masquerading (closes: #61201).
  * kernel-image-*-ide now has a distinct Description field (closes: #56891).

 -- Herbert Xu <herbert@debian.org>  Mon,  3 Apr 2000 08:34:45 +1000

kernel-image-2.2.14-i386 (2.2.14-2) frozen unstable; urgency=low

  * Enabled ServerRAID (closes: #52597).
  * Enabled DAC960 (closes: #49863).
  * Enabled CONFIG_FILTER (closes: #50996).
  * Enabled quota support (closes: #60206).

 -- Herbert Xu <herbert@debian.org>  Wed, 22 Mar 2000 15:12:21 +1100

kernel-image-2.2.14-i386 (2.2.14-1) unstable; urgency=low

  * New upstream release.

 -- Herbert Xu <herbert@debian.org>  Sat, 15 Jan 2000 13:13:29 +1100

kernel-image-2.2.13-i386 (2.2.13-3) unstable; urgency=low

  * Added an ide subarch (closes: #50908).

 -- Herbert Xu <herbert@debian.org>  Thu,  2 Dec 1999 00:30:15 +1100

kernel-image-2.2.13-i386 (2.2.13-2) unstable; urgency=low

  * Initial release.
  * Disabled CONFIG_APM_RTC_IS_GMT (closes: #48503).
  * Enabled Unix98 ptys (closes: #49723).
  * Turned initrd back on as it was accidentally disabled (closes: #50109).
  * Downgraded CONFIG_SCSI_AM53C974 to a module (closes: #49559).
  * Enabled Stallion drivers as modules.

 -- Herbert Xu <herbert@debian.org>  Fri, 19 Nov 1999 21:56:37 +1100

