Re: status of getting security fixes into sarge

To: debian-release@lists.debian.org
Cc: debian-kernel@lists.debian.org
Subject: Re: status of getting security fixes into sarge
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 13 Dec 2004 19:07:31 +0100
Message-id: <[🔎] E1Cdubb-0001n5-Gu@localhost.localdomain>
In-reply-to: <[🔎] 20041209212012.GA3607@kitenet.net>
References: <[🔎] 20041209212012.GA3607@kitenet.net>

[Cc'ing debian-kernel for clarification]

Joey Hess wrote:
> Here are the ones the testing security team is currently tracking
> that are fixed in unstable but don't yet have a fix in sarge, plus a few
> others of interest:

It seems as if the local DoS in the a.out loader (only exploitable when
VM memory overcommitment is turned on) is still unfixed in kernel-source-
2.6.8:
The changelog for 2.6.8-9 mentions another unrelated elf/a.out vulnarability,
but I can't find the proposed patch by Chris Wright in the diff.gz, so maybe
this has slipped through until now or fixed in a different way, I don't know:
http://marc.theaimsgroup.com/?l=linux-kernel&m=110023019006886&w=2

Cheers,
        Moritz

Reply to:

References:
- status of getting security fixes into sarge
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: status of getting security fixes into sarge
Next by Date: Re: Hint for mozilla-thunderbird/0.9-6
Previous by thread: Re: status of getting security fixes into sarge
Next by thread: Re: status of getting security fixes into sarge
Index(es):
- Date
- Thread