
Re: Another stable vs. testing inconsistency: msg#00043

debian-security-tracker-debian

Subject: Re: Another stable vs. testing inconsistency

On Wed, 29 Jul 2009 22:00:46 +0200, Francesco Poli wrote:
> Hi all!
>
> I found another vulnerability in the tracker that shows up as fixed in
> lenny, and as unfixed in squeeze, despite the package version being the
> *same* in the two branches.
>
> http://security-tracker.debian.net/tracker/CVE-2009-2584

fixed. i keep overlooking squeeze when i do these updates. i will
force myself to remember next time.

> BTW, the fix seems to be
> http://lkml.org/lkml/2009/7/20/348
> which, IIUC, has not yet been applied to the upstream mainline kernel
>
> I haven't even found a Debian BTS bug report: should an important (?)
> bug be filed?

the vulnerable code was introduced after 2.6.26, so only unstable's
kernel is affected. the kernel-sec team is aware and tracking the
problem, so a report is not necessary.

mike

