CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19

To: debian-security-tracker@lists.debian.org
Cc: henrich@debian.or.jp
Subject: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
From: Hideki Yamane <henrich@debian.or.jp>
Date: Thu, 2 Sep 2010 00:01:50 +0900
Message-id: <[🔎] 20100902000150.bf18e9e0.henrich@debian.or.jp>

Hi,

 Due to kernel-sec repository, those two CVEs are fixed.
 http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2478
 http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2537

 and debian/patches/bugfix/all/stable/2.6.32.17.patch was introduced 
 in 2.6.32-19. So, those two bugs in lenny-backports, Squeeze, Sid and 
 experimental  are not affected now.

> squeeze	2.6.32-20	vulnerable
> lenny-backports	2.6.32-20~bpo50+1	vulnerable
> sid	2.6.32-21	vulnerable
> experimental	2.6.35-1~experimental.2	vulnerable

 They won't note it to changelog, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594491


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

Reply to:

Follow-Ups:
- Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Next by Date: Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
Next by thread: Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
Index(es):
- Date
- Thread