[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#254325: kernel-source-2.4.22: DoS in OSS Sound Blaster Driver (CAN-2004-0178)

On Mon, Jun 14, 2004 at 09:43:12AM -0700, Matt Zimmerman wrote:
> On Mon, Jun 14, 2004 at 05:32:07PM +0100, Martin Michlmayr wrote:
> > * Matt Zimmerman <mdz@debian.org> [2004-06-14 08:46]:
> > > debian-kernel: Can we remove kernel-source-2.4.22 from sid yet?
> > 
> > It has been removed from sid at the end of May.

Sorry, I was a bit remiss in checking up to see if 2.4.22 had been
removed or not. Obviously there is no point in applying these patches
to a non-existent package.

> OK, so there is no point in keeping these bugs around.  If they still apply
> to modern kernels, they should be reassigned.  If any of them apply to woody
> kernels, that subset should be forwarded to the security team.

I tried to add the sid tag to the bugs which only effect kernels
in sid, and ommitt it otherwise. In otherwords, for woody, look into the ones
that don't have the sid tag.

I have a couple of questions about the kernel packages.

1. If Herbet is no longer the maintainer, who is?

2. Am I currect in thinking that sid currently has the
   following kernel-source packages, no more, no less?

   2.4: 2.4.20, 2.4.24, 2.4.2, 2.4.26
   2.6: 2.6.5, 2.6.6

3. Are there any plans to remove any of these packages in the near

4. What packages are going to be included in sid?

   My understanding is that for woody, basically each architecture
   has one supported kernel-source tree, with the possibly addition
   of some specialised trees. From memory this is 2.4.18 or 
   2.4.17 depending on the architecture. Is something similar planned
   for sid?

5. Is there a mailing list / web page / whatever that outlines
   what kernels are currently available in what distribution,
   which are planned for removal, etc...

6. Does anyone check the CVEs and other vendor's updated kernel
   package advisories as they come out to make sure that the
   debian packages are up to date?

7. Is there any value in me refiling these bugs, and possibly other
   of a similar vein, against other kernel-source packages.
   And if so, which ones?

I am quite willing to help out, please point me in the right direction.


Reply to: