Re: apt-get not upgrading kernel
Simon Valiquette wrote:
> Alexander Reichle-Schmehl un jour écrivit:
> >>
>>> I can see that CVE-2008-3272 and CVE-2008-3275 had already been
>>> fixed
>>> in DSA-1630-1, but can you confirm that the other CVE doesn't affect
>>> 2.6.18?
>>
>> Well... According to
>> http://security-tracker.debian.net/tracker/source-package/linux-2.6 it
>> isn't.
>>
>
> The security tracker could be wrong. While useful, I don't trust It
> blindly.
>
>>> More specifically, can someone confirm that CVE-2008-3915 doesn't
>>> affect the 2.6.18 kernel series in Debian? If I believe this link,
>>> this bug is not limited to 2.6.24 in Etch-and-a-half.
>>>
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3915
>>
>> http://security-tracker.debian.net/tracker/CVE-2008-3915 list only
>> 2.6.24 as affected.
>>
>> Looking your link, the first version they list is 2.6.19.4. So, yes, it
>> pretty much looks to me, as if etch's 2.6.18 is not affected by this
>> issue.
>
> Look better: 2.6.18 is listed, but as one of the last entries. I
> don't know why It is not listed in the same order, but It is true that
> It was easy to miss It.
>
> Also, even if you would have been right, It would still be possible
> that Debian added a patch backporting the security problem (or
> hiding/fixing the bug by pure luck). Checking for that bug is not
> very difficult, but checking for this bug and all the other one can be
> very time consumming and boring, which can explain some delay.
>
>
> Simon Valiquette
>
>
Is the I-key on your keyboard locked to uppercase for some reason ?
SCNR
Reply to: