Re: [SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix several vulnerabilities
Hi,
On Mittwoch, 2. Mai 2007, Celejar wrote:
> Dann Frazier <dannf@debian.org> wrote:
> > Package : linux-2.6
> > Vulnerability : several
> > Problem-Type : local/remote
> > Debian-specific: no
> > CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357
> > CVE-2007-1592
> 1) DSA 1286-1 isn't (yet) on the Debian Security page [0]. I assume
> this means that the advisories are mailed first and subsequently
> added to the website?
Yes.
> 2) The advisory doesn't mention unstable, but three of the four
> CVEs affect kernels up to 2.6.21, which would include 2.6.20 in
> unstable. Will there be an advisory mentioning unstable?
No, the fixes will just be (or already have been) uploaded to
unstable.
You can get more up-to-date information from the security tracker:
http://security-tracker.debian.net/tracker/CVE-2007-0005
...
http://security-tracker.debian.net/tracker/status/release/unstable
The information there shows that the issues are already fixed in
2.6.20-1.
Look at the debsecan package. It can notify you about security issues
in unstable automatically.
Cheers,
Stefan
Reply to: