Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19

To: Hideki Yamane <henrich@debian.or.jp>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 1 Sep 2010 18:57:35 +0200
Message-id: <[🔎] 20100901165735.GA2564@galadriel.inutil.org>
In-reply-to: <[🔎] 20100902000150.bf18e9e0.henrich@debian.or.jp>
References: <[🔎] 20100902000150.bf18e9e0.henrich@debian.or.jp>

On Thu, Sep 02, 2010 at 12:01:50AM +0900, Hideki Yamane wrote:
> Hi,
> 
>  Due to kernel-sec repository, those two CVEs are fixed.
>  http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2478
>  http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2537
> 
>  and debian/patches/bugfix/all/stable/2.6.32.17.patch was introduced 
>  in 2.6.32-19. So, those two bugs in lenny-backports, Squeeze, Sid and 
>  experimental  are not affected now.
> 
> > squeeze	2.6.32-20	vulnerable
> > lenny-backports	2.6.32-20~bpo50+1	vulnerable
> > sid	2.6.32-21	vulnerable
> > experimental	2.6.35-1~experimental.2	vulnerable
> 
>  They won't note it to changelog, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594491

Thanks, I've modified the Security Tracker.

If you want to have direct access to the Tracker, please see
http://security-tracker.debian.org/tracker/data/report and request
access to the Alioth project.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
  - From: Hideki Yamane <henrich@debian.or.jp>

References:
- CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
  - From: Hideki Yamane <henrich@debian.or.jp>

Prev by Date: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
Next by Date: icedove: security issue - already fixed?
Previous by thread: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
Next by thread: Re: CVE-2010-2478, CVE-2010-2537: fixed in linux-2.6 2.6.32-19
Index(es):
- Date
- Thread