Hi! * Simon Valiquette <v.simon@ieee.org> [080912 11:14]: [ Disclaimer: I'm not a member of the security team nor of our kernel team, so I don't know any details ] >> The latest kernel related DSA (1636) only affected the 2.6.24 >> kernel shipped with Etch-and-a-half. > I can see that CVE-2008-3272 and CVE-2008-3275 had already been fixed > in DSA-1630-1, but can you confirm that the other CVE doesn't affect > 2.6.18? Well... According to http://security-tracker.debian.net/tracker/source-package/linux-2.6 it isn't. > More specifically, can someone confirm that CVE-2008-3915 doesn't affect > the 2.6.18 kernel series in Debian? If I believe this link, this bug is > not limited to 2.6.24 in Etch-and-a-half. > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3915 http://security-tracker.debian.net/tracker/CVE-2008-3915 list only 2.6.24 as affected. Looking your link, the first version they list is 2.6.19.4. So, yes, it pretty much looks to me, as if etch's 2.6.18 is not affected by this issue. Best Regards, Alexander
Attachment:
signature.asc
Description: Digital signature