[Secure-testing-team] DTSA for 2.6.8 and 2.4.27

Horms horms at debian.org
Sat Sep 10 05:01:45 UTC 2005


On Fri, Sep 09, 2005 at 02:49:18PM +0200, Moritz Muehlenhoff wrote:
> Micah Anderson wrote:
> > I think it would be a good idea to get a DTSA (Debian Testing Security
> > Advisory) issued for 2.4.27 and 2.6.8. 
> >       
> > Neither of these advisories is a typical DTSA, as we normally we only do
> > advisories for things that are blocked from reaching testing by some other
> > issue, but I think that it would be good to do these two advisories because
> > of the sheer number of security holes fixed as well as the necessary upgrade
> > path that people need to take if they wish to maintain the integrity of
> > their machines.
> 
> Good idea, but I'd suggest to make a clean-sweep run over all kernel
> issues before. Some entries definitely need updating, (wrt to 2.4/2.6
> mapping and IIRC Horms has some mails pending as well, he told me some days
> ago. Also several more issues should receive a CVE mapping.
> 
> Wrt keeping a complete history we should also move the entries based on
> older kernel-source packages to linux-2.6, as this will be the new
> permanent source package for 2.6 kernels.

I also notice that 2.6.13.1 has now been released. This likely contains
fixes relevant for us. Though I'm not sure which if any apply to our
2.4.27, 2.6.8 or 2.6.12. Nor, which ones are security problems. I'll
look through it on Monday, unless someone gets there before me.

I usually get the broken out patches from here, though 2.6.13.1 doesn't
seem to be there, I'm not sure if that is a tempoary problem or not.

http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=tree

-- 
Horms




More information about the Secure-testing-team mailing list