[Secure-testing-team] new .32 kernel not urgent for testing?
Josip Rodin
joy at entuzijast.net
Mon Sep 20 07:50:01 UTC 2010
Hi,
http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-23/changelog
says:
linux-2.6 (2.6.32-23) unstable; urgency=low
[...]
[ dann frazier ]
* compat: Make compat_alloc_user_space() incorporate the access_ok()
(CVE-2010-3081)
* x86-64, compat (CVE-2010-3301):
- Retruncate rax after ia32 syscall entry tracing
- Test %rax for the syscall number, not %eax
* wireless extensions: fix kernel heap content leak (CVE-2010-2955)
* KEYS (CVE-2010-2960):
- Fix RCU no-lock warning in keyctl_session_to_parent()
- Fix bug in keyctl_session_to_parent() if parent has no session keyring
-- dann frazier <dannf at debian.org> Fri, 17 Sep 2010 15:27:04 -0600
Is this intentionally urgency=low or not?
http://packages.qa.debian.org/l/linux-2.6.html says
* Too young, only 2 of 10 days old
* Not touching package due to block request by freeze (contact
debian-release if update is needed)
--
2. That which causes joy or happiness.
More information about the Secure-testing-team
mailing list