Re: dbus for LTS

To: Thorsten Alteholz <alteholz@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: dbus for LTS
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 11 Jul 2014 08:23:37 +0200
Message-id: <[🔎] 20140711062337.GA17860@inutil.org>
In-reply-to: <[🔎] alpine.DEB.2.02.1407101951140.14182@jupiter.server.alteholz.net>
References: <[🔎] alpine.DEB.2.02.1407101951140.14182@jupiter.server.alteholz.net>

On Thu, Jul 10, 2014 at 08:06:02PM +0200, Thorsten Alteholz wrote:
> Hi,
>
> according to the security tracker there are three CVEs[1] for dbus which  
> shall all affect Squeeze (DSA-2971-1).
>
> As far as I understand CVE-2014-3532 is for kernels above 2.6.37-rc4 but  
> only 2.6.32 is in Squeeze.

Ack. I think it's fine to mark it as not-affected (and even when running a more
recent kernel it's a minor issue anyway)

> The code that will be patched for CVE-2014-3533 is not available in  
> Squeeze.

Ack.

> So only CVE-2014-3477 remains which is marked as no-dsa.
>
> Can somebody please confirm this?

Ack, this can be dropped from lts-needed.

Cheers,
        Moritz

Reply to:

References:
- dbus for LTS
  - From: Thorsten Alteholz <alteholz@debian.org>

Prev by Date: dbus for LTS
Next by Date: Interest in ia32-libs for squeeze-lts
Previous by thread: dbus for LTS
Next by thread: Interest in ia32-libs for squeeze-lts
Index(es):
- Date
- Thread