[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix several vulnerabilities

On Wed, 2 May 2007 23:13:30 +0200
Stefan Fritsch <sf@sfritsch.de> wrote:

> Hi,
> 
> On Mittwoch, 2. Mai 2007, Celejar wrote:
> > Dann Frazier <dannf@debian.org> wrote:
> > > Package        : linux-2.6
> > > Vulnerability  : several
> > > Problem-Type   : local/remote
> > > Debian-specific: no
> > > CVE ID         : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357
> > > CVE-2007-1592
> 
> > 1) DSA 1286-1 isn't (yet) on the Debian Security page [0]. I assume
> > this means that the advisories are mailed first and subsequently
> > added to the website?
> 
> Yes.
> 
> > 2) The advisory doesn't mention unstable, but three of the four
> > CVEs affect kernels up to 2.6.21, which would include 2.6.20 in
> > unstable. Will there be an advisory mentioning unstable?
> 
> No, the fixes will just be (or already have been) uploaded to 
> unstable.
> 
> You can get more up-to-date information from the security tracker:
> 
> http://security-tracker.debian.net/tracker/CVE-2007-0005
> ...
> http://security-tracker.debian.net/tracker/status/release/unstable
> 
> The information there shows that the issues are already fixed in 
> 2.6.20-1.
> 
> Look at the debsecan package. It can notify you about security issues 
> in unstable automatically. 
> 
> Cheers,
> Stefan

Thanks very much for the information.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: