Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1



Aurelien Jarno <aurelien@aurel32.net> wrote:
> On 2016-08-14 16:00, Salvatore Bonaccorso wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: jessie
>> User: release.debian.org@packages.debian.org
>> Usertags: pu
>> 
>> Dear SRM
>> 
>> I would like to propose the following hardening to src:gnupg2 which was
>> found during the analysis of a vulnerability report to the security team
>> and related to
>> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
>> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
>> be solved in software (and thus we don't want to issue a DSA for it, and
>> give possibly this false impression), and as pointed out by Florian
>
> I wonder if it would be a good idea to release an announcement without
> any software change recommending people to not enable KSM on their
> hosts?

I think a NEWS file for the kernel would be best?

Cheers,
        Moritz

