Re: kernel security bug #307900

To: debian-devel@lists.debian.org
Subject: Re: kernel security bug #307900
From: Hamish Moffatt <hamish@debian.org>
Date: Sun, 5 Jun 2005 16:37:00 +1000
Message-id: <[🔎] 20050605063700.GA24752@cloud.net.au>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] sa4r7fhbl0w.fsf@snoopy.microcomaustralia.com.au>
References: <[🔎] sa4r7fhbl0w.fsf@snoopy.microcomaustralia.com.au>

On Sun, Jun 05, 2005 at 12:22:07PM +1000, Brian May wrote:
> As far as I can tell from reading the bug report, the bug has not been
> fixed in sarge, will not be fixed for the release, but the bug has
> been closed.
> 
> Have we come to the point where making a release is more important
> then fixing known security bugs?
> 
> Does this mean people who want secure pre-compiled kernels have to
> resort to unstable until the issue is fixed?

woody's kernels are vulnerable to CAN-2004-1235, a uselib() race
condition. The bug became public in January. I emailed team@security.d.o
after I got hacked last month, but there was no reply.


Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

Reply to:

References:
- kernel security bug #307900
  - From: Brian May <bam@debian.org>

Prev by Date: Re: Is Ubuntu a debian derivative or is it a fork?
Next by Date: Re: Is Ubuntu a debian derivative or is it a fork?
Previous by thread: kernel security bug #307900
Next by thread: Re: kernel security bug #307900
Index(es):
- Date
- Thread