Alexander Reichle-Schmehl un jour écrivit:
>>
I can see that CVE-2008-3272 and CVE-2008-3275 had already been fixed
in DSA-1630-1, but can you confirm that the other CVE doesn't affect
2.6.18?
Well... According to
http://security-tracker.debian.net/tracker/source-package/linux-2.6 it
isn't.
The security tracker could be wrong. While useful, I don't trust It
blindly.
More specifically, can someone confirm that CVE-2008-3915 doesn't affect
the 2.6.18 kernel series in Debian? If I believe this link, this bug is
not limited to 2.6.24 in Etch-and-a-half.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3915
http://security-tracker.debian.net/tracker/CVE-2008-3915 list only
2.6.24 as affected.
Looking your link, the first version they list is 2.6.19.4. So, yes, it
pretty much looks to me, as if etch's 2.6.18 is not affected by this
issue.
Look better: 2.6.18 is listed, but as one of the last entries. I don't
know why It is not listed in the same order, but It is true that It was
easy to miss It.
Also, even if you would have been right, It would still be possible
that Debian added a patch backporting the security problem (or
hiding/fixing the bug by pure luck). Checking for that bug is not very
difficult, but checking for this bug and all the other one can be very
time consumming and boring, which can explain some delay.
Simon Valiquette
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]