Re: working for wheezy-security until wheezy-lts starts
Antoine Beaupré <anarcat@orangeseeds.org> writes:
> I am not aware of any such tool. How did you do the following comparison
> - by hand?
Yes, I did.
What I imagine is having same tool that will look at an input file
(e.g. debian/changelog) and find everything that looks like a CVE, and
then compare against distribution X in
https://security-tracker.debian.org/tracker/CVE-2015-8104
Of course, might be worth waiting to see what happens to CVEs first.
>> Not fixed in backported Ubuntu precise version 4.1.6.1-0ubuntu0.12.04.10:
>> - CVE-2014-5146 (marked No DSA)
>> - CVE-2014-5149 (marked No DSA)
>> - CVE-2014-8104 (marked vulnerable; description says "Linux kernel
>> through 4.2.6" not sure if this means it is fixed or broken by 4.2.6)
>> - CVE-2014-8341 (marked No DSA)
>
> 2014-8104 is probably a typo, as it concerns OpenVPN according to the
> security tracker. You probably mean CVE-2015-8104...
Yes, that looks like a typo. Thanks for the correction.
> That is an impressive list, and it does seem like we should merge our
> efforts with Ubuntu here!
Agreed.
--
Brian May <bam@debian.org>
Reply to: