In general, I prefer using Debian kernel-source packages, and applying Debian kernel-patch... to those.
If you build your kernels using kernel-package, this can be done nearly automagically. To find out how, go here: http://newbiedoc.sourceforge.net/system/kernel-pkg.html#PATCHES-KERNEL-PKG

DSA311 was issued on 08 June; the latest kernel-source-2.4.20 (-8) was uploaded on 07 June. This suggests to me that the ioperm vulnerability has not yet been fixed, and this is confirmed by looking at the changelogs. Herbert is very good about showing us what he's fixed in new kernel-source packages.

I believe the confusing statement in the DSA is less confusing if one remembers that by definition security updates are only made to stable packages. The changes necessary to fix vulnerabilities for not-yet-released packages (testing and unstable) are made by uploading new packages to unstable, which in due course make their way into testing.

Since you're building your own kernel from source you don't need cramfs, which is used IIRC for initrd -- and you don't need initrd either. Just make sure support for your root filesystem and your boot device are compiled directly into the kernel (not as modules). Your strategy of starting with the bf2.4-xfs config sounds like a good one.

Kevin
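
Added example, not part of the original message: a small shell check that the options needed to mount the root filesystem without an initrd are built in (`=y`) rather than modular or disabled. The function names, the sample `.config` contents and the symbols chosen (`CONFIG_XFS_FS`, `CONFIG_BLK_DEV_IDEDISK`, and so on) are assumptions for illustration; substitute the ones that match your root filesystem and disk controller.

```shell
#!/bin/sh
# Added example: verify that selected kernel options are built in (=y).
# The symbols checked are assumptions, not a list taken from the message.

# not_builtin CONFIG_FILE SYMBOL...
# Prints one line per symbol that is modular or disabled.
# Returns 0 if every symbol is =y, 1 otherwise.
not_builtin() {
    cfg=$1; shift
    rc=0
    for sym in "$@"; do
        if grep -q "^${sym}=y\$" "$cfg"; then
            continue                      # built in, nothing to report
        elif grep -q "^${sym}=m\$" "$cfg"; then
            echo "${sym}: module (would need an initrd)"
        else
            echo "${sym}: not set"
        fi
        rc=1
    done
    return $rc
}

# Constructed sample .config fragment: XFS root built in, IDE disk
# driver left as a module, cramfs disabled.
sample_config() {
    cat <<'EOF'
CONFIG_XFS_FS=y
CONFIG_EXT2_FS=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=m
# CONFIG_CRAMFS is not set
EOF
}

# Demo on the constructed sample; point not_builtin at a real .config
# in your kernel source tree instead.
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
not_builtin "$demo_cfg" CONFIG_XFS_FS CONFIG_BLK_DEV_IDE CONFIG_BLK_DEV_IDEDISK || true
rm -f "$demo_cfg"
```

On the sample this reports the IDE disk driver as a module, which is the case that would leave the kernel unable to reach the root device without an initrd.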