[Secure-testing-team] what else needs a DTSA right now?
Andres Salomon
dilinger at debian.org
Tue Aug 30 17:00:08 UTC 2005
On Tue, 2005-08-30 at 18:10 +0200, Moritz Muehlenhoff wrote:
> Joey Hess wrote:
> > > > Can anyone suggest any more good candidates for DTSAs in the list of
> > > > unfixed holes in testing? I've been trying to cover all the remote
> > > > exploits and bad local exploits and aside from updating the kernel and
> > >
> > > I want to have a deeper look at this. Horms has some stuff pending
> > > he hasn't had the time to backport yet and some CVE assignments are
> > > pending, but preparing updated recent 2.6.8 and 2.4.27 packages
> > > for etch seems like a good idea (as they are security/major fix only
> > > anyway), until linux-2.6 has made it into testing.
> >
> > The big problem with this is that it cannot be autobuilt since etch
> > still has all the different kernel source packages.
>
> Yes, but plenty of porters in debian-kernel were building the kernels
> Horms prepared for Sarge, so they might be willing to do the same for
> Etch as well.
>
Heh, getting porters to compile kernels is actually quite a long and
drawn out process. Horms announced 2.6.8 kernel-source packages on Aug
17th; it's now Aug 30, and we still don't have builds for all
architectures (still waiting on mips; we finally got m68k images just
yesterday). You may get better results helping us get linux-2.6 images
into testing. :)
More information about the Secure-testing-team
mailing list