Hi, On Wed, Jan 20, 2016 at 10:42:04AM +0800, Bjoern Nyjorden wrote: > Thanks Holger & Ben, > > Most appreciated. So, just to confirm; my take away on this is: > > * 1. "Wheezy" Linux kernels are NOT AFFECTED. > > * 2. "Wheezy" & "Jessie" BACKPORTS Linux kernels are VUNERABLE. > > If I have understood correctly?
For the most important CVE, https://security-tracker.debian.org/tracker/CVE-2016-0728 this is right. The issue was introduced in upstream commit 3a50597de8635cd05133bd12c95681c82fe7b878 which is in Kernels v3.8-rc1 onways. Wheezy Kernel is not affected, Wheezy and Jessie backports are vunerable but beeing fixed. You can get the full picture for Wheezy and Jessie status by starting from https://security-tracker.debian.org/tracker/DSA-3448-1 and following the CVE references for details. The other issues which affect Wheezy as well will be fixed for Wheezy in a later DSA. (yes, the security-tracker does not track backports). Hope this helps, Regards, Salvatore
