Hi,

I think it would be a good idea to get a DTSA (Debian Testing Security Advisory) issued for 2.4.27 and 2.6.8.

2.4.27-11 is already in testing, but the number of security bugs fixed in this version is significant: there are 9 CAN numbers for 2.4.27-11[1]; and 4 other security patches that do not have CVE entries[2]. It seems that it would be a good idea to do an advisory to alert people that these security holes have been fixed and that they need to upgrade and reboot if they haven't already.

2.6.8 is scheduled to be removed from sid, and consequentially in testing as well, however it may be good to do an advisory to alert those who are running 2.6.8 to upgrade to linux-2.6 (2.6.12) as the kernel they are running is not being supported (and the transition is not super obvious) and the number of security holes for the version in testing (2.6.8-16) adds up to a whopping 13 CAN numbers[3] and 21 other security patches[4].

Neither of these advisories is a typical DTSA, as we normally only do advisories for things that are blocked from reaching testing by some other issue, but I think that it would be good to do these two advisories because of the sheer number of security holes fixed as well as the necessary upgrade path that people need to take if they wish to maintain the integrity of their machines.

I have begun the work to prepare this advisory for release; we basically need 2.6.8 to leave the archive and the 2.6.12 packages to enter testing before the 2.6.8 DTSA can be released. The DTSA would just list the normal testing repositories for the upgrade (rather than the secure-testing repositories).

Micah

1. CAN-2005-2458, CAN-2005-2459, CAN-2005-1767, CAN-2005-2456, CAN-2005-1768, CAN-2005-0756, CAN-2005-0757, CAN-2005-1762, CAN-2005-1768

2. 184_arch-x86_64-ia32-ptrace32-oops.diff, 174_net-ipv4-netfilter-nat-mem.diff, 178_fs_ext2_ext3_xattr-sharing.diff, 179_net-ipv4-netfilter-ip_recent-last_pkts.diff

3. CAN-2005-1763, CAN-2005-1762, CAN-2005-0756, CAN-2005-1265, CAN-2005-0757, CAN-2005-1765, CAN-2005-1761, CAN-2005-2456, CAN-2005-2548, CAN-2004-2302, CAN-2005-1767, CAN-2005-2458, CAN-2005-2459

4. mckinley_icache.dpatch, arch-x86_64-kernel-smp-boot-race.dpatch, arch-x86_64-mm-ioremap-page-lookup.dpatch, fs-exec-ptrace-core-exec-race.dpatch, fs-exec-ptrace-deadlock.dpatch, fs-exec-posix-timers-leak-1.dpatch, fs-exec-posix-timers-leak-2.dpatch, fs-hfs-oops-and-leak.dpatch, net-bridge-netfilter-etables-smp-race.dpatch, net-bridge-forwarding-poison-2.dpatch, net-rose-ndigis-verify.dpatch, sound-usb-usbaudio-unplug-oops.dpatch, net-ipv4-ipvs-conn_tab-race.dpatch, arch-ia64-ptrace-getregs-putregs.dpatch, ppc32-time_offset-misuse.dpatch, netfilter-NAT-memory-corruption.dpatch, netfilter-ip_conntrack_untracked-refcount.dpatch, sys_get_thread_area-leak.dpatch, fs_ext2_ext3_xattr-sharing.dpatch, net-ipv4-netfilter-ip_recent-last_pkts.dpatch, arch-x86_64-mm-ioremap-page-lookup-fix.dpatch