Re: kernel security bug #307900
>>>>> "Steve" == Steve Langasek <vorlon@debian.org> writes:
Steve> kernel-image packages built against 2.6.8-16 are available
Steve> in sarge for the past week or so for i386, alpha, and ia64.
[...]
Steve> In light of the announcement at the beginning of May that
Steve> sarge is security-supported, I think it would be a good
Steve> idea for any DSAs issued over these holes to include
Steve> mention of the relevant kernel versions for i386 etc., so
Steve> that users who have upgraded earlier know that they need to
Steve> upgrade and reboot.

I think it would also be a good idea if the change log in the
kernel-image package could mention any DSAs fixed...

The changelog I have says:

--- cut ---
kernel-image-2.6.8-i386 (2.6.8-16) unstable; urgency=low

  * Fix up AMD descriptions to include CPU name.
    Thanks to J. Grant. (Simon Horman)
  * Removed "for those who want the latest ..." from header
    package descriptons as this is what packages from
    kernel-latest-2.6-i386 do. (Simon Horman)
  * Build against kernel-tree-2.6.8-16. (Simon Horman)
  * Add myself as an uploader. (Simon Horman)

 -- Simon Horman <horms@debian.org>  Thu, 19 May 2005 16:52:19 +0900

kernel-image-2.6.8-i386 (2.6.8-15) unstable; urgency=high

  * Build against 2.6.8-15.

 -- Andres Salomon <dilinger@debian.org>  Tue, 22 Mar 2005 12:39:59 -0500
--- cut ---

This still leaves me confused if it fixed the problem or not.

I guess I am expected to cross reference this with the changelog of
the kernel-source package.

What is the "kernel-tree-2.6.8-16" package? Or is this an abbreviation
for "kernel-tree-2.6.8" version "2.6.8-16"? Does this imply
"kernel-source version 2.6.8-16"?

Again, I think it would be much quicker, easier, and less prone to
errors if the DSAs were mentioned in the relevant kernel-image-change
too.
--
Brian May <bam@debian.org>