Re: DSA-1653-1 vs. tracker
* Francesco Poli <frx@firenze.linux.it> [2008-10-15 22:05:59 CEST]:
> DSA-1653-1 [1] has been recently issued and a corresponding tracker
> page [2] was added.
>
> However, it seems that there's an inconsistency between the
> DSA and the tracker.
>
> The DSA [1] claims that all the CVEs are fixed in etch by
> linux-2.6/2.6.18.dfsg.1-22etch3, while the tracker page for
> CVE-2008-3276 [3] claims that etch is still vulnerable.
For completeness, CVE-2008-3525 lists linux-2.6.24 as unfixed, too.
Thanks,
Rhonda
Reply to: