
How up-to-date is Debian's stable release kept to fix published kernel security vulnerabilities?



http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2943 was published Sept 30, 2010, and says that Linux 2.6.32.5 is vulnerable. Squeeze uses 2.6.32-5, built on Jan 12, 2011. Is Squeeze's kernel fixed, or does it have the vulnerability?

http://security-tracker.debian.org/tracker/status/release/stable currently says that "the stable" suite has the vulnerability, and Squeeze is currently the latest stable, but the page doesn't explicitly say that Squeeze is the latest stable and has the vulnerability, and there's no timestamp on the page. The last-modified header appears to have the common bug of reporting the server's current clock time rather than the page's last modified timestamp, so that's useless too.

Did Squeeze really get released with a high-urgency remote kernel vulnerability which was published four months earlier?


      

