Re: kernel security bug #307900
On Sun, Jun 05, 2005 at 12:22:07PM +1000, Brian May wrote:
> As far as I can tell from reading the bug report, the bug has not been
> fixed in sarge, will not be fixed for the release, but the bug has
> been closed.
>
> Have we come to the point where making a release is more important
> then fixing known security bugs?
>
> Does this mean people who want secure pre-compiled kernels have to
> resort to unstable until the issue is fixed?
woody's kernels are vulnerable to CAN-2004-1235, a uselib() race
condition. The bug became public in January. I emailed team@security.d.o
after I got hacked last month, but there was no reply.
Hamish
--
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
Reply to: