Bug#438325: [etch] linux-image-2.6-* still depends on vulnerable kernel image linux-image-2.6.18-4-*
Package: linux-image-2.6-686
Version: 2.6.18+6
Severity: important
Justification: prevents automated security related kernel updates
(also affects linux-image-2.6-* for i386/amd64, can't tell for other archs)
Hi, I just received [DSA 1356-1] via the DSA mailing list and also got
linux-source-2.6.18 (version 2.6.18.dfsg.1-13etch1) downloaded via cron-apt,
but was wondering why cron-apt hadn't also downloaded a newer
linux-image-package.
Checking the available packages, I noticed that linux-image-2.6.18-5-686
(version 2.6.18.dfsg.1-13etch1) is available and immediatley upgraded to it.
Unfortunately, all available meta-packages linux-image-2.6-* still depend on
linux-image-2.6.18-4-* instead of linux-image-2.6.18-5-* and therefore
prevent non-manual upgrades.
If this isn't intended for reasons unkown to me, I propose the
linux-image-2.6-*-packages should also be updated.
Cheers.
Reply to: