Package "linux-lts-quantal"

  linux-lts-quantal (3.5.0-54.81~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

  linux-lts-quantal (3.5.0-52.79~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)
    - LP: #1337339
    - CVE-2014-4699
 -- Luis Henriques <email address hidden> Fri, 04 Jul 2014 10:52:15 +0100

  linux-lts-quantal (3.5.0-52.78~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1328969

  [ Andy Whitcroft ]

  * [debian] insertchanges -- fix to work across major version changes

  [ Brad Figg ]

  * Non-rebase branch fixups so startnewrelease will work.
  * debian/rules.d/0-common-vars.mk: drop anything after ~ from the version
  * debian/rules.d/1-maintainer.mk: Add '-lts-' to the tag that being used
    to find the base commit

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf

  [ Upstream Kernel Changes ]

  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1319561, #1319563
    - CVE-2014-3145
 -- Luis Henriques <email address hidden> Wed, 11 Jun 2014 17:23:37 +0100

  linux-lts-quantal (3.5.0-51.77~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr ==
    uaddr2 in futex_requeue(..., requeue_pi=1)
    - LP: #1326367
    - CVE-2014-3153
  * futex: Validate atomic acquisition in futex_lock_pi_atomic()
    - LP: #1326367
    - CVE-2014-3153
  * futex: Always cleanup owner tid in unlock_pi
    - LP: #1326367
    - CVE-2014-3153
  * futex: Make lookup_pi_state more robust
    - LP: #1326367
    - CVE-2014-3153
 -- Brad Figg <email address hidden> Wed, 04 Jun 2014 16:49:16 -0700

  linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.5.0-51.75) quantal; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317333

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.5.0-50.74) quantal; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313852

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1310783
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1310783
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1310783
  * ARM: 7991/1: sa1100: fix compile problem on Collie
    - LP: #1310783
  * firewire: don't use PREPARE_DELAYED_WORK
    - LP: #1310783
  * x86: Ignore NMIs that come in during early boot
    - LP: #1310783
  * x86: fix compile error due to X86_TRAP_NMI use in asm files
    - LP: #1310783
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1310783
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1310783
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1310783
  * usb: dwc3: add support for Merrifield
    - LP: #1310783
  * mac80211: clear sequence/fragment number in QoS-null frames
    - LP: #1310783
  * mwifiex: copy AP's HT capability info correctly
    - LP: #1310783
  * net: unix socket code abuses csum_partial
    - LP: #1310783
  * ibmveth: Fix endian issues with MAC addresses
    - LP: #1310783
  * [SCSI] isci: fix reset timeout handling
    - LP: #1310783
  * [SCSI] isci: correct erroneous for_each_isci_host macro
    - LP: #1310783
  * [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
    - LP: #1310783
  * ocfs2 syncs the wrong range...
    - LP: #1310783
  * fs/proc/base.c: fix GPF in /proc/$PID/map_files
    - LP: #1310783
  * vmxnet3: fix netpoll race condition
    - LP: #1310783
  * [SCSI] storvsc: NULL pointer dereference fix
    - LP: #1310783
  * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
    enabled
    - LP: #1310783
  * KVM: SVM: fix cr8 intercept window
    - LP: #1310783
  * drm/ttm: don't oops if no invalidate_caches()
    - LP: #1310783
  * vmxnet3: fix building without CONFIG_PCI_MSI
    - LP: #1310783
  * x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
    - LP: #1310783
  * Btrfs: fix data corruption when reading/updating compressed extents
    - LP: #1310783
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1310783
  * ALSA: compress: Pass through return value of open ops callback
    - LP: #1310783
  * acpi-cpufreq: set current frequency based on target P-State
    - LP: #1310783
  * hpfs: deadlock and race in directory lseek()
    - LP: #1310783
  * intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing
    it.
    - LP: #1310783
  * ipc/msg: fix race around refcount
    - LP: #1310783
  * Input: synaptics - add manual min/max quirk
    - LP: #1310783
  * Input: synaptics - add manual min/max quirk for ThinkPad X240
    - LP: #1310783
  * x86: fix boot on uniprocessor systems
    - LP: #1310783
  * staging: speakup: Prefix externally-visible symbols
    - LP: #1310783
  * ext4: atomically set i