Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities

To: Dominic Hargreaves <dom@earth.li>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
From: dann frazier <dannf@dannf.org>
Date: Thu, 11 Dec 2008 12:11:05 -0700
Message-id: <[🔎] 20081211191104.GB11905@colo.lackof.org>
In-reply-to: <[🔎] 20081211184959.GH1531@urchin.earth.li>
References: <20081204175911.GG14564@ldl.fc.hp.com> <[🔎] 20081211170652.GG1531@urchin.earth.li> <[🔎] 20081211183828.GA11905@colo.lackof.org> <[🔎] 20081211184959.GH1531@urchin.earth.li>

On Thu, Dec 11, 2008 at 06:49:59PM +0000, Dominic Hargreaves wrote:
> On Thu, Dec 11, 2008 at 11:38:28AM -0700, dann frazier wrote:
> > Yes - 2.6.18 is in stable, and as such will be security supported for
> > at least another year. Minor/local DoS security issues in the kernel
> > are very frequent, so updated packages are constantly in
> > preparation. Preparing kernel updates is resource intensive so, unless
> > there's a severe issue, etch users should expect 2.6.18 and 2.6.24
> > updates to be staggered.
> 
> Yup, that's pretty much what I expected to hear; thanks for confirming.
> 
> May I make a suggestion that you include a comment along these lines in
> the advisory texts? It would help reassure users that things haven't been
> forgotten about greatly.

Yes, this has been a FAQ since the release of etchnhalf. I'll see
about adding something to the text template. Does this look ok?

  Debian 'etch' includes linux kernel packages based upon both the
  2.6.18 and 2.6.24 linux releases.  All known security issues are
  carefully tracked against both packages and both packages will
  receive security updates until security support for Debian 'etch'
  ceases. However, given the high frequency at which low-severity
  security issues are discovered in the kernel and the resource
  requirements of doing an update, non-critical 2.6.18 and 2.6.24
  updates will typically release in a staggered or "leap-frog"
  fashion.

-- 
dann frazier

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
  - From: Dominic Hargreaves <dom@earth.li>
- Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
  - From: Marcin Owsiany <porridge@debian.org>

References:
- Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
  - From: Dominic Hargreaves <dom@earth.li>
- Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
  - From: dann frazier <dannf@dannf.org>
- Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
Next by Date: Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
Next by thread: Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
Index(es):
- Date
- Thread