> The DSA [1] claims that all the CVEs are fixed in etch by > linux-2.6.24/2.6.24-6~etchnhalf.7, while the tracker pages for > CVE-2008-5134 [3] and CVE-2008-5182 [4] claim that etch is still vulnerable. Fixed. Cheers, Moritz