Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
Am Mit, 2003-05-07 um 17.05 schrieb Adrian 'Dagurashibanipal' von
Bidder:
> On Wednesday 07 May 2003 14:53, Peter Holm wrote:
>
> > The actual kernel sources that one can get via apt-get, are they
> > already patched?
kernel-source-2.4.20 in unstable is patched.
> I fear there's no such place. The security announcements are only made when a
> fixed package is released, and to my knowledge there is no centralized debian
> specific place to get security announcements for security bugs where no patch
> is (yet) available.
I am not quite sure how much the security team feels responsible for the
kernel. The ptrace bug is not the only problem as there are other
security problems (for example in the netfilter code) that have never
been fixed in stable.
Additionally, often patches are only available for current kernel
versions, but not for older ones that are all available within woody.
How far back must patches be backported?
Is there a clear policy about this issue?
Sebastian
Reply to: