Linux 2.6 update for Etch

To: debian-security@lists.debian.org
Subject: Linux 2.6 update for Etch
From: Peter Pentchev <roam@ringlet.net>
Date: Thu, 18 Feb 2010 14:53:14 +0200
Message-id: <20100218125314.GA11434@straylight.m.ringlet.net>

Hi,

First of all, apologies if this is sent to the wrong list, or if this
information is already available somewhere; also, I'm aware that
security support for Debian Etch ended a couple of days ago.

In the recent DSA-1996-1 for the linux-2.6 package vulnerabilities,
there was the following sentence:

  For the oldstable distribution (etch), these problems, where
  applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

Now, since we several servers that we are currently in the process of
migrating to Lenny, but the migration will not be complete for at
least several more weeks (and yes, I know this is our own fault :),
I'd just like to ask if there's any timeframe on when the Etch
updates for the linux-2.6 package shall be released - without meaning
to hurry anybody or to be pushy or something; I'm quite aware of
all the work that goes into maintaining security updates across
multiple versions of multiple packages on ooooold distributions,
and the security team has my sincere thanks and condolences for all
the work they have to do so we can sleep soundly :)

Or maybe I'm missing something and the Etch update has already been
released?  But the only updated package I can see at
http://security.debian.org/pool/updates/main/l/ is the "latest" one -
linux-latest-2.6_6etch3; but from what I can see, it builds
the linux-image-2.6-amd64_2.6.18+6etch3 package, which just depends on
linux-image-2.6.18-6-amd64 (the actual kernel), and the actual kernel
at http://security.debian.org/pool/updates/main/l/linux-2.6/ seems
to still be at version 2.6.18.dfsg.1-26etch1 from November 5, 2009.

Am I missing something, or is it just a question of manpower and time?
If the latter, sorry if this mail comes through as pushy - it's really
not meant to be!

Again, thanks to the security team for all their hard work!
Please CC me on replies, since I'm not subscribed to this list.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@cnsys.bg    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
This sentence contradicts itself - or rather - well, no, actually it doesn't!

Attachment: pgp39blWQ71BZ.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Linux 2.6 update for Etch
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: [SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Next by Date: www.debian.org/security/ does not know about kernel update??
Previous by thread: Re: [SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Next by thread: Re: Linux 2.6 update for Etch
Index(es):
- Date
- Thread