kernel-image-2.4.27-s390 (2.4.27-2sarge5) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge5:
    * 233_ia64-sparc-cross-region-mappings.diff
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * 234_atm-clip-freed-skb-deref.diff
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * 235_ppc-alignment-exception-table-check.diff
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * 236_s390-uaccess-memleak.diff
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * 237_smbfs-honor-mount-opts.diff
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled (closes: #310982)
      See CVE-2006-5871
    * 238_ppc-hid0-dos.diff
      [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093

 -- dann frazier <dannf@debian.org>  Tue,  5 Dec 2006 02:23:35 -0700

kernel-image-2.4.27-s390 (2.4.27-2sarge4) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge4:
    * [ERRATA] 213_madvise_remove-restrict.diff
      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.4.27 is not
      vulnerable to CVE-2006-1524 the madvise_remove issue.
      See CVE-2006-2071
    * 223_nfs-handle-long-symlinks.diff
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * 224_cdrom-bad-cgc.buflen-assign.diff
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * 225_sg-no-mmap-VM_IO.diff
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * 226_snmp-nat-mem-corruption-fix.diff
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * 227_kfree_skb.diff
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * 228_sparc-mb-extraneous-semicolons.diff
      Fix a syntax error caused by extranous semicolons in smp_mb() macros
      which resulted in a build failure with 227_kfree_skb.diff
    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
      [SECURITY] Fix SCTP privelege escalation
      See CVE-2006-3745
    * 231_udf-deadlock.diff
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
    * 232_sparc-membar-extraneous-semicolons.diff
      Fix an additional syntax error caused by extraneous semicolons
      in membar macros on sparc

 -- dann frazier <dannf@debian.org>  Tue,  5 Sep 2006 00:24:23 -0600

kernel-image-2.4.27-s390 (2.4.27-2sarge3) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge3:
    * 207_smbfs-chroot-escape.diff
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * 208_ia64-die_if_kernel-returns.diff
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * 209_sctp-discard-unexpected-in-closed.diff
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * 210_ipv4-id-no-increment.diff
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * 211_usb-gadget-rndis-bufoverflow.diff
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation
      that allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * 212_ipv4-sin_zero_clear.diff
      [SECURITY] Fix local information leak in af_inet code
      See CVE-2006-1343
    * 213_madvise_remove-restrict.diff
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * 214_mcast-ip-route-null-deref.diff
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * 215_sctp-fragment-recurse.diff
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * 216_sctp-fragmented-receive-fix.diff
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * 217_amd64-fp-reg-leak.diff
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * 218_do_add_counters-race.diff
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * 219_sctp-hb-ack-overflow.diff
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * 220_sctp-param-bound-checks.diff
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858
    * 221_netfilter-do_replace-overflow.diff
      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * 222_binfmt-bad-elf-entry-address.diff
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741

 -- dann frazier <dannf@debian.org>  Mon, 29 May 2006 17:30:20 -0600

kernel-image-2.4.27-s390 (2.4.27-2sarge2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Use kernel-tree-2.4.27-10sarge2
  * Use kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1)
  * Increment ABI to -3

 -- dann frazier <dannf@debian.org>  Wed,  1 Feb 2006 00:44:32 -0700

kernel-image-2.4.27-s390 (2.4.27-2sarge1) stable-security; urgency=high

  * Use kernel-tree-2.4.27-10sarge1.

 -- Bastian Blank <waldi@debian.org>  Fri, 26 Aug 2005 17:04:45 +0000

kernel-image-2.4.27-s390 (2.4.27-2) unstable; urgency=low

  * Use new kernel-patch-2.4.27-s390.
  * Use kernel-tree-2.4.27-8.
  * debian/control
    - Bump soname.

 -- Bastian Blank <waldi@debian.org>  Wed, 26 Jan 2005 13:36:28 +0100

kernel-image-2.4.27-s390 (2.4.27-1) unstable; urgency=high

  * New upstream relese.
    - Use kernel-tree-2.4.27-2 and kernel-patch-2.4.27-s390.
      - CAN-2004-0497 (users could modify group ID of arbitrary files on
        the system)
      - CAN-2004-0415 (file offset pointer handling race)

 -- Bastian Blank <waldi@debian.org>  Tue, 17 Aug 2004 11:46:07 +0200

kernel-image-2.4.26-s390 (2.4.26-1) unstable; urgency=low

  * New upstream release.
    - Use kernel-tree-2.4.26-1 and kernel-patch-2.4.26-s390.

 -- Bastian Blank <waldi@debian.org>  Sun, 25 Apr 2004 12:50:08 +0200

kernel-image-2.4.25-s390 (2.4.25-2) unstable; urgency=low

  * Use kernel-tree-2.4.25-3
    - CAN-2004-0003
    - CAN-2004-0010
    - CAN-2004-0109
    - CAN-2004-0177

 -- Bastian Blank <waldi@debian.org>  Wed, 14 Apr 2004 17:35:49 +0200

kernel-image-2.4.25-s390 (2.4.25-1) unstable; urgency=low

  * New upstream release.
    - Use kernel-tree-2.4.25-1 and kernel-patch-2.4.25-s390.
  * debian/control:
    - Update.
  * debian/rules:
    - Enable s390x kernels.

 -- Bastian Blank <waldi@debian.org>  Sun, 04 Apr 2004 14:04:51 +0200

kernel-image-2.4.21-s390 (2.4.21-2) unstable; urgency=low

  * Rebuild against new kernel-patch.

 -- Bastian Blank <waldi@debian.org>  Sat, 06 Mar 2004 21:55:59 +0100

kernel-image-2.4.21-s390 (2.4.21-1) unstable; urgency=low

  * New upstream release.
    - Use kernel-tree-2.4.21-7 and kernel-patch-2.4.21-s390.
  * debian/control:
    - Change Maintainer to debian-s390@lists.debian.org.
    - Add Bastian Blank and Jochen Röhrig to Uploaders.
    - Update.

 -- Bastian Blank <waldi@debian.org>  Sat, 14 Feb 2004 21:36:58 +0100

kernel-image-2.4.19-s390 (2.4.19-2) unstable; urgency=low

  * Some restructuring by Bastian Blank <waldi@debian.org>:
    - new udebs for debian installer
    - support for 64 bit kernel on 31 bit (not yet enabled)

 -- Jochen Röhrig <jr@debian.org>  Thu, 28 Nov 2002 21:57:59 +0100

kernel-image-2.4.19-s390 (2.4.19-1) unstable; urgency=high

  * New upstream release.
  * Replaced 2.4.17-patches by the initial 2.4.19-patch from the
    IBM Developerworks website (released on 2002.09.13).
    This patch includes the source code for the qdio I/O-driver which
    was only available as object code only module so far, and support for
    the new zSeries FCP attachment for SCSI.
  * Integrated a new kernel-patch from the IBM Developerworks
    website which fixes a lot of problems (released on 2002.10.24).
  * Integrated a new kernel-patch from the IBM Developerworks
    website which fixes further problems (released on 2002.11.25).
  * Integrated the kerntypes patch from the IBM Developerworks
    website (released on 2002.09.13).
  * Integrated the on-demand timer patch from the IBM Developerworks
    website (released on 2002.10.24).
  * Ported the ramdisk-patch to apply on 2.4.19-kernel-source
    (port by Bastian Blank <waldi@debian.org>).
  * Ported the cmsfs-patch to apply on 2.4.19-kernel-source
    (port by Bastian Blank <waldi@debian.org>).
  * Removed ksyms-fix-patch (not needed any longer).

 -- Jochen R<F6>hrig <jr@debian.org>  Wed, 27 Nov 2002 22:36:43 +0100

kernel-image-2.4.17-s390 (2.4.17-3) unstable; urgency=high

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2002.06.12).
    This patch fixes the DASD deadlock problem and some other severe
    problems.
  * Removed NMU DASD deadlock fix.
  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2002.08.16).
    This patch fixes a problem related to the IUCV driver.

 -- Jochen Röhrig <jr@debian.org>  Tue, 10 Sep 2002 21:33:13 +0200

kernel-image-2.4.17-s390 (2.4.17-2.1) unstable; urgency=high

  * NMU
  * Rebuilt with kernel-patch-2.4.17-s390 0.0.20020415-1.1 which
    fixes a possible DASD deadlock

 -- Stefan Gybas <sgybas@debian.org>  Mon, 29 Apr 2002 21:15:18 +0200

kernel-image-2.4.17-s390 (2.4.17-2) unstable; urgency=high

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2002.04.15).
  * Added cpint-patch by Neale Ferguson which allows to invoke CP commands
    from Linux.
  * Added cmsfs-patch by Rick Troth <rtroth@bmc.com> which enables read
    only access to CMS disks.

 -- Jochen Röhrig <jr@debian.org>  Tue, 16 Apr 2002 20:14:50 +0200

kernel-image-2.4.17-s390 (2.4.17-1) unstable; urgency=low

  * New upstream release.
  * Use kernel-patch-2.4.17-s390.
  * First kernel-image package including the freshly open sourced lcs
    network driver module which was only available from the IBM
    Developerworks website as object code only module so far. 

 -- Jochen Röhrig <jr@debian.org>  Wed,  6 Mar 2002 21:25:25 +0100

kernel-image-2.4.16-s390 (2.4.16-2) unstable; urgency=low

  * Integrated a patch by Gerhard Tonn <gt@debian.org> which fixes
    compile problems for some packages that use the kernel-headers.
  * Use new kernel-package which generates /etc/zipl.conf correctly
    in the kernel-image-postinstall-script. 

 -- Jochen Röhrig <jr@debian.org>  Wed, 13 Feb 2002 22:25:16 +0100 

kernel-image-2.4.16-s390 (2.4.16-1) unstable; urgency=low

  * New upstream release.
  * Use kernel-patch-2.4.16-s390.
  * Enable CONFIG_EXT3_FS.

 -- Jochen Röhrig <jr@debian.org>  Fri, 21 Dec 2001 01:04:09 +0100

kernel-image-2.4.7-s390 (2.4.7-5) unstable; urgency=low

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2001.11.23).
  * Updated the patch by Gerhard Ton <gt@debian.org> which adds
    support for a second initrd (needed by the s390 boot-floppies).
  * Enable CONFIG_FILTER and CRAMFS.

 -- Jochen Röhrig <jr@debian.org>  Tue, 11 Dec 2001 22:28:02 +0100

kernel-image-2.4.7-s390 (2.4.7-4) unstable; urgency=low

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2001.11.09).
  * Integrated a patch by Gerhard Ton <gt@debian.org> which adds
    support for a second initrd (needed by the s390 boot-floppies).

 -- Jochen Röhrig <jr@debian.org>  Tue, 13 Nov 2001 22:05:01 +0100

kernel-image-2.4.7-s390 (2.4.7-3) unstable; urgency=low

  * Integrated the current kernel-patches from the IBM Developerworks
    website.
  * Renamed kernel-headers-deb and fixed problem with version-info in
    include/linux/version.h
  * Install System.map and config in /boot/ of s390-tape-udeb.

 -- Jochen Röhrig <jr@debian.org>  Fri, 26 Oct 2001 00:45:08 +0200

kernel-image-2.4.7-s390 (2.4.7-2) unstable; urgency=low

  * Compile NFS support as module.
  * Corrected some dependencies.
  * Changed section to devel.

 -- Jochen Röhrig <jr@debian.org>  Thu,  6 Sep 2001 20:36:32 +0200

kernel-image-2.4.7-s390 (2.4.7-1) unstable; urgency=low

  * New upstream release.
  * Build s390-tape binary package as udeb.

 -- Jochen Röhrig <jr@debian.org>  Wed, 22 Aug 2001 00:43:24 +0200

kernel-image-2.4.5-s390 (2.4.5-1) unstable; urgency=low

  * Initial release, based on the kernel-image-2.4.7-i386 package

 -- Stefan Gybas <sgybas@debian.org>  Wed,  1 Aug 2001 09:03:24 +0200
