CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
Hi,
Due to kernel-sec repository, those two CVEs are fixed.
http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2478
http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2537
and debian/patches/bugfix/all/stable/2.6.32.17.patch was introduced
in 2.6.32-19. So, those two bugs in lenny-backports, Squeeze, Sid and
experimental are not affected now.
> squeeze 2.6.32-20 vulnerable
> lenny-backports 2.6.32-20~bpo50+1 vulnerable
> sid 2.6.32-21 vulnerable
> experimental 2.6.35-1~experimental.2 vulnerable
They won't note it to changelog, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594491
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
Reply to: