commit b8ba0a6f58e67c059c323a0896949a41befd0003
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Fri Nov 16 10:14:27 2007 -0800

    Linux 2.6.23.8

commit 36ef66c5d137b9a31fd8c35d236fb9e26ef74f97
Author: Roland McGrath <roland@redhat.com>
Date:   Tue Nov 13 22:11:50 2007 -0800

    wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
    
    patch a3474224e6a01924be40a8255636ea5522c1023a in mainline
    
    The original meaning of the old test (p->state > TASK_STOPPED) was
    "not dead", since it was before TASK_TRACED existed and before the
    state/exit_state split.  It was a wrong correction in commit
    14bf01bb0599c89fc7f426d20353b76e12555308 to make this test for
    TASK_TRACED instead.  It should have been changed when TASK_TRACED
    was introducted and again when exit_state was introduced.
    
    Signed-off-by: Roland McGrath <roland@redhat.com>
    Cc: Oleg Nesterov <oleg@tv-sign.ru>
    Cc: Alexey Dobriyan <adobriyan@sw.ru>
    Cc: Kees Cook <kees@ubuntu.com>
    Acked-by: Scott James Remnant <scott@ubuntu.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

commit b0f08ee5e5b8dfc3a875a41c24db878373274799
Author: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Date:   Wed Nov 14 15:47:18 2007 -0800

    TCP: Make sure write_queue_from does not begin with NULL ptr (CVE-2007-5501)
    
    patch 96a2d41a3e495734b63bff4e5dd0112741b93b38 in mainline.
    
    NULL ptr can be returned from tcp_write_queue_head to cached_skb
    and then assigned to skb if packets_out was zero. Without this,
    system is vulnerable to a carefully crafted ACKs which obviously
    is remotely triggerable.
    
    Besides, there's very little that needs to be done in sacktag
    if there weren't any packets outstanding, just skipping the rest
    doesn't hurt.
    
    Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
    Signed-off-by: David S. Miller <davem@davemloft.net>