Re: CVEs for linux-2.6

To: debian-security-tracker@lists.debian.org
Subject: Re: CVEs for linux-2.6
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Mon, 16 Nov 2009 16:33:41 -0500
Message-id: <[🔎] 20091116163341.dcd31be6.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 20091116222152.e969fe72.frx@firenze.linux.it>
References: <[🔎] 20091116210753.c404d413.frx@firenze.linux.it> <[🔎] 20091116161012.5fda9bd2.michael.s.gilbert@gmail.com> <[🔎] 20091116222152.e969fe72.frx@firenze.linux.it>

On Mon, 16 Nov 2009 22:21:52 +0100, Francesco Poli wrote:
> On Mon, 16 Nov 2009 16:10:12 -0500 Michael Gilbert wrote:
> 
> > On Mon, 16 Nov 2009 21:07:53 +0100, Francesco Poli wrote:
> [...]
> > > it may be *suspected* that
> > > 
> > > http://security-tracker.debian.org/tracker/CVE-2009-2584
> [...]
> > > should be fixed in both squeeze and sid
> [...]
> > often, the cve texts are not trustworthy.
> 
> Yes, I am aware of this issue: that's why I said *suspected*!   ;-)
> 
> > however, in these case, i've
> > checked the patches, and the texts are correct.
> 
> Great!  :-)
> 
> > i have thus updated
> > the tracker.  thanks for catching these inconsistencies.
> 
> Thanks to you for updating the tracker!  :)
> 
> It seems that CVE-2009-2584 is still inconsistent, though.
> Could you please fix that, as well?

ok, so the cve text is actually wrong for that one.  it was never fixed
in the 2.6.30 series, but it has been fixed in 2.6.31.6.

mike

Reply to:

Follow-Ups:
- Re: CVEs for linux-2.6
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- CVEs for linux-2.6
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: CVEs for linux-2.6
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: CVEs for linux-2.6
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Re: CVEs for linux-2.6
Next by Date: Re: CVEs for linux-2.6
Previous by thread: Re: CVEs for linux-2.6
Next by thread: Re: CVEs for linux-2.6
Index(es):
- Date
- Thread