On Wed, 2 May 2007 21:37:39 +0200 Dann Frazier <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1286-1                     [EMAIL PROTECTED]
> http://www.debian.org/security/                              Dann Frazier
> May 2nd, 2007                          http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : linux-2.6
> Vulnerability  : several
> Problem-Type   : local/remote
> Debian-specific: no
> CVE ID         : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592
>
> Several local and remote vulnerabilities have been discovered in the Linux
> kernel that may lead to a denial of service or the execution of arbitrary
> code. The Common Vulnerabilities and Exposures project identifies the
> following problems:

[snip]

> This problem has been fixed in the stable distribution in version
> 2.6.18.dfsg.1-12etch1.

Just trying to improve my understanding of Debian security advisories.

1) DSA 1286-1 isn't (yet) on the Debian Security page [0]. I assume this means that the advisories are mailed first and subsequently added to the website?

2) The advisory doesn't mention unstable, but three of the four CVEs affect kernels up to 2.6.21, which would include 2.6.20 in unstable. Will there be an advisory mentioning unstable? The Security FAQ [1] says:

Q: How is security handled for testing and unstable?

A: The short answer is: it's not. Testing and unstable are rapidly moving targets and the security team does not have the resources needed to properly support those. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable. However, work is in progress to change this, with the formation of a testing security team which has begun work to offer security support for testing, and to some extent, for unstable.

But most DSAs mention which unstable package provides a fix. What happens for something like 2.6.20, which doesn't exist in stable?

[0] http://www.debian.org/security/
[1] http://www.debian.org/security/faq#testing

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator