http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2943 was published Sept 30, 2010, and says that Linux 2.6.32.5 is vulnerable. Squeeze uses 2.6.32-5, built on Jan 12, 2011. Is Squeeze's kernel fixed, or does it have the vulnerability?
http://security-tracker.debian.org/tracker/status/release/stable currently says that "the stable" suite has the vulnerability, and Squeeze is currently the latest stable, but the page doesn't explicitly say that Squeeze is the latest stable and has the vulnerability, and there's no timestamp on the page. The last-modified header appears to have the common bug of reporting the server's current clock time rather than the page's last modified timestamp, so that's useless too. Did Squeeze really get released with a high-urgency remote kernel vulnerability which was published four months earlier? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/223175.89618...@web121518.mail.ne1.yahoo.com
