Hi, On Mittwoch, 2. Mai 2007, Celejar wrote: > Dann Frazier <[EMAIL PROTECTED]> wrote: > > Package : linux-2.6 > > Vulnerability : several > > Problem-Type : local/remote > > Debian-specific: no > > CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 > > CVE-2007-1592
> 1) DSA 1286-1 isn't (yet) on the Debian Security page [0]. I assume > this means that the advisories are mailed first and subsequently > added to the website? Yes. > 2) The advisory doesn't mention unstable, but three of the four > CVEs affect kernels up to 2.6.21, which would include 2.6.20 in > unstable. Will there be an advisory mentioning unstable? No, the fixes will just be (or already have been) uploaded to unstable. You can get more up-to-date information from the security tracker: http://security-tracker.debian.net/tracker/CVE-2007-0005 ... http://security-tracker.debian.net/tracker/status/release/unstable The information there shows that the issues are already fixed in 2.6.20-1. Look at the debsecan package. It can notify you about security issues in unstable automatically. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
