[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities

On Thu, Dec 11, 2008 at 06:49:59PM +0000, Dominic Hargreaves wrote:
> On Thu, Dec 11, 2008 at 11:38:28AM -0700, dann frazier wrote:
> > Yes - 2.6.18 is in stable, and as such will be security supported for
> > at least another year. Minor/local DoS security issues in the kernel
> > are very frequent, so updated packages are constantly in
> > preparation. Preparing kernel updates is resource intensive so, unless
> > there's a severe issue, etch users should expect 2.6.18 and 2.6.24
> > updates to be staggered.
> Yup, that's pretty much what I expected to hear; thanks for confirming.
> May I make a suggestion that you include a comment along these lines in
> the advisory texts? It would help reassure users that things haven't been
> forgotten about greatly.

Yes, this has been a FAQ since the release of etchnhalf. I'll see
about adding something to the text template. Does this look ok?

  Debian 'etch' includes linux kernel packages based upon both the
  2.6.18 and 2.6.24 linux releases.  All known security issues are
  carefully tracked against both packages and both packages will
  receive security updates until security support for Debian 'etch'
  ceases. However, given the high frequency at which low-severity
  security issues are discovered in the kernel and the resource
  requirements of doing an update, non-critical 2.6.18 and 2.6.24
  updates will typically release in a staggered or "leap-frog"

dann frazier

Reply to: