Package: src:linux Version: 4.9.110-1~deb8u1 Severity: grave Tags: newcomer
Dear Maintainer, On august 6th DSA-4266-1 linux was announced (https://www.debian.org/security/2018/dsa-4266.en.html). However, source package linux-4.9 (debian oldstable, jessie) is not included in the overview for CVE-2018-5390 (https://security-tracker.debian.org/tracker/CVE-2018-5390). On august 8th an updated kernel package was published for affected distributions with linux kernel 4.9+ (debian stable, stretch). On debian jessie I can only install up to 4.9.0-0.bpo.7-amd64 (4.9.110-1~deb8u1), which, as far as I can tell, should be affected by CVE-2018-5390 as well. As of today there does not seem to be any update regarding this CVE with respect to linux-4.9 on debian oldstable (jessie). Can I conclude linux-4.9 on debian oldstable is not affected, or will there be an update for this package as well? Thanks in advance, Gerlof Fokkema -- Package-specific info: ** Kernel log: boot messages should be attached ** Model information sys_vendor: Supermicro product_name: X8DTU product_version: 1234567890 chassis_vendor: Supermicro chassis_version: 1234567890 bios_vendor: American Megatrends Inc. bios_version: 2.1c board_vendor: Supermicro board_name: X8DTU board_version: 1234567890 -- System Information: Debian Release: 8.10 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-0.bpo.7-amd64 (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages linux-image-4.9.0-0.bpo.7-amd64 depends on: ii initramfs-tools [linux-initramfs-tool] 0.120+deb8u3 ii kmod 18-3 ii linux-base 4.3~bpo8+1 Versions of packages linux-image-4.9.0-0.bpo.7-amd64 recommends: ii firmware-linux-free 3.3 ii irqbalance 1.1.0-2~bpo8+1 Versions of packages linux-image-4.9.0-0.bpo.7-amd64 suggests: pn debian-kernel-handbook <none> ii grub-pc 2.02~beta2-22+deb8u1 pn linux-doc-4.9 <none> Versions of packages linux-image-4.9.0-0.bpo.7-amd64 is related to: pn firmware-amd-graphics <none> pn firmware-atheros <none> pn firmware-bnx2 <none> pn firmware-bnx2x <none> pn firmware-brcm80211 <none> pn firmware-cavium <none> pn firmware-intel-sound <none> pn firmware-intelwimax <none> pn firmware-ipw2x00 <none> pn firmware-ivtv <none> pn firmware-iwlwifi <none> pn firmware-libertas <none> pn firmware-linux-nonfree <none> pn firmware-misc-nonfree <none> pn firmware-myricom <none> pn firmware-netxen <none> pn firmware-qlogic <none> pn firmware-realtek <none> pn firmware-samsung <none> pn firmware-siano <none> pn firmware-ti-connectivity <none> pn xen-hypervisor <none> -- no debconf information
