On Sat, 3 Jan 2004 11:16:26 +0100, Maurizio Lemmo wrote:

>On Saturday 03 January 2004, at 05:26, Nick Boyce wrote:
>> I'd be grateful if someone could please try to deconfuse me about what
>> the current stable kernel 2.4.18 source package is ..
>>
>> DSA 403-1 (http://www.debian.org/security/2003/dsa-403) states that
>> the do_brk security hole was fixed in vanilla kernel 2.4.23, and that
>>
>> "For Debian it has been fixed in version 2.4.18-12 of
>> the kernel source packages, version 2.4.18-14 of the
>> i386 kernel images and version 2.4.18-11 of the alpha
>> kernel images"
>
>I think this was simply a mistake. It's nonsense that the image is more
>up to date than the source it came from. I think they inverted the version
>number in the mail message.

Thanks for your comment - that seems most likely to me too.

I've now looked back through the debian-security archive, and the
previous few kernel updates were :

  DSA 358-1 (31.Jul.2003) ==> kernel-source-2.4.18-11 (multiple bugs)
  DSA 358-2 ( 5.Aug.2003) ==> kernel-source-2.4.18-12 (fixes oops)
  DSA 358-4 (13.Aug.2003) ==> kernel-source-2.4.18-13 (fixes oops)

so the new version can't be any less than 2.4.18-14, and DSA 403-1
must contain a typo/thinko.

I was just being ultra-paranoid, and double-checking everything in the
light of recent events. I must calm down ;-)

>It's my opinion, but, I think it's correct.

Yep - thanks again for the feedback.

Nick Boyce
Bristol, UK
--
Steinbach's Guideline for Systems Programming:
Never test for an error condition you don't know how to handle.