[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Mon, Mar 15, 2010 at 06:50:58PM +0100, Moritz Muehlenhoff wrote:
> On 2010-03-15, dann frazier <dannf@debian.org> wrote:
> > On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:
> >> I've also been bitten by this bug - noticed it last Friday and it  
> >> doesn't seem to be fixed this morning.
> >>
> >> Is there an ETA on a fix with packages?
> >
> > Packages are now available in the security repo (an apt-get upgrade
> > should suffice).
> >
> > I'm hoping to get a CVE ID before sending out a formal DSA.
> 
> Why? That should be covered by the CVE ID for the original connector
> security bug.

Just to make sure we're talking about the same thing...

One reason for this upload is to deal with the ABI breakage from the
kernel upload which fixed CVE-2009-3725. I agree that no additional
CVE is warranted to deal with that.

However, as part of fixing this, we discovered that drbd contains a
security issue as well. This issue is in the same class as the issues
covered by CVE-2009-3725. However, CVE-2009-3725 has an explicit list
of 4 subsystems it covers, and drbd is not one of them.

-- 
dann frazier
Reply to: