Simon Valiquette wrote: > Alexander Reichle-Schmehl un jour écrivit: > >> >>> I can see that CVE-2008-3272 and CVE-2008-3275 had already been >>> fixed >>> in DSA-1630-1, but can you confirm that the other CVE doesn't affect >>> 2.6.18? >> >> Well... According to >> http://security-tracker.debian.net/tracker/source-package/linux-2.6 it >> isn't. >> > > The security tracker could be wrong. While useful, I don't trust It > blindly. > >>> More specifically, can someone confirm that CVE-2008-3915 doesn't >>> affect the 2.6.18 kernel series in Debian? If I believe this link, >>> this bug is not limited to 2.6.24 in Etch-and-a-half. >>> >>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3915 >> >> http://security-tracker.debian.net/tracker/CVE-2008-3915 list only >> 2.6.24 as affected. >> >> Looking your link, the first version they list is 2.6.19.4. So, yes, it >> pretty much looks to me, as if etch's 2.6.18 is not affected by this >> issue. > > Look better: 2.6.18 is listed, but as one of the last entries. I > don't know why It is not listed in the same order, but It is true that > It was easy to miss It. > > Also, even if you would have been right, It would still be possible > that Debian added a patch backporting the security problem (or > hiding/fixing the bug by pure luck). Checking for that bug is not > very difficult, but checking for this bug and all the other one can be > very time consumming and boring, which can explain some delay. > > > Simon Valiquette > > Is the I-key on your keyboard locked to uppercase for some reason ? SCNR
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
