[Secure-testing-team] Kernel vulnerabilities in sarge-checks
Moritz Muehlenhoff
jmm at inutil.org
Tue Mar 22 19:03:42 UTC 2005
Dominic Hargreaves wrote:
> I noticed that while kernel vulns appear as kernel-source packages, we
> are not tracking the various kernel-image packages. Should we not also
> be doing this?
Yes, but tracking this manually seems way to error-prone, as kernel-sources
for sid are in a steady flow.
I just wrote a little Python script to automatically generate a list of
vulnerable kernel image packages against the CAN list. I parses the CAN
list for kernel-source entries and all that remains to be done is to keep
a list which kernel on which arch is built against which kernel-source
package. Example:
i386 2.6.8 2.6.8-12
sparc 2.6.8 2.6.8-11
(Meaning that the 2.6.8 kernel for i386 was built against kernel-source
2.6.8.12 and sparc against 2.6.8-11).
It's attached, comments welcome.
Cheers,
Moritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kernel-check.py
Type: text/x-python
Size: 1060 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050322/2777e96a/kernel-check.py
-------------- next part --------------
i386 2.6.8 2.6.8-12
sparc 2.6.8 2.6.8-11
More information about the Secure-testing-team
mailing list