Re: dbus for LTS
On Thu, Jul 10, 2014 at 08:06:02PM +0200, Thorsten Alteholz wrote:
> Hi,
>
> according to the security tracker there are three CVEs[1] for dbus which
> shall all affect Squeeze (DSA-2971-1).
>
> As far as I understand CVE-2014-3532 is for kernels above 2.6.37-rc4 but
> only 2.6.32 is in Squeeze.
Ack. I think it's fine to mark it as not-affected (and even when running a more
recent kernel it's a minor issue anyway)
> The code that will be patched for CVE-2014-3533 is not available in
> Squeeze.
Ack.
> So only CVE-2014-3477 remains which is marked as no-dsa.
>
> Can somebody please confirm this?
Ack, this can be dropped from lts-needed.
Cheers,
Moritz
Reply to: