Re: CVEs for linux-2.6
On Mon, 16 Nov 2009 21:07:53 +0100, Francesco Poli wrote:
> Hi everyone!
>
> According to changelogs,
> squeeze linux-2.6/2.6.30-8 is based on upstream stable release 2.6.30.8
> and sid linux-2.6/2.6.31-2 is based on upstream stable release 2.6.31.6
>
> Taking these assumptions into account, if we look at CVE descriptions,
> it may be *suspected* that
>
> http://security-tracker.debian.org/tracker/CVE-2009-2584
> http://security-tracker.debian.org/tracker/CVE-2009-2691
> http://security-tracker.debian.org/tracker/CVE-2009-2848
> should be fixed in both squeeze and sid
>
> while
>
> http://security-tracker.debian.org/tracker/CVE-2009-3621
> should be fixed in sid
often, the cve texts are not trustworthy. however, in these case, i've
checked the patches, and the texts are correct. i have thus updated
the tracker. thanks for catching these inconsistencies.
mike
Reply to: