On Wed, 29 Jul 2009 16:43:10 -0400 Michael S. Gilbert wrote: > On Wed, 29 Jul 2009 22:00:46 +0200, Francesco Poli wrote: > > Hi all! > > > > I found another vulnerability in the tracker that shows up as fixed in > > lenny, and as unfixed in squeeze, despite the package version is the > > *same* in the two branches. > > > > http://security-tracker.debian.net/tracker/CVE-2009-2584 > > fixed. Thanks a lot! ;-) > i keep overlooking squeeze when i do these updates. i will > force myself to remember next time. Good! :) > > > BTW, the fix seems to be > > http://lkml.org/lkml/2009/7/20/348 > > which, IIUC, has not yet been applied to the upstream mainline kernel > > > > I haven't even found a Debian BTS bug report: should an important (?) > > bug be filed? > > the vulnerable code was introduced after 2.6.26, so only unstable's > kernel is affected. the kernel-sec team is aware and tracking the > problem, so a report is not necessary. Fair enough! Thanks for your quick reaction and reply. Bye. -- New location for my website! Update your bookmarks! http://www.inventati.org/frx ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpUWGZroaDUo.pgp
Description: PGP signature