[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kernel security bug #307900

On Sun, Jun 05, 2005 at 12:22:07PM +1000, Brian May wrote:
> As far as I can tell from reading the bug report, the bug has not been
> fixed in sarge, will not be fixed for the release, but the bug has
> been closed.
> Have we come to the point where making a release is more important
> then fixing known security bugs?
> Does this mean people who want secure pre-compiled kernels have to
> resort to unstable until the issue is fixed?

woody's kernels are vulnerable to CAN-2004-1235, a uselib() race
condition. The bug became public in January. I emailed team@security.d.o
after I got hacked last month, but there was no reply.

Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

Reply to: