[Secure-testing-team] new .32 kernel not urgent for testing?
dann frazier
dannf at dannf.org
Mon Sep 20 22:21:00 UTC 2010
On Mon, Sep 20, 2010 at 09:50:01AM +0200, Josip Rodin wrote:
> Hi,
>
> http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-23/changelog
> says:
>
> linux-2.6 (2.6.32-23) unstable; urgency=low
> [...]
>
> [ dann frazier ]
> * compat: Make compat_alloc_user_space() incorporate the access_ok()
> (CVE-2010-3081)
> * x86-64, compat (CVE-2010-3301):
> - Retruncate rax after ia32 syscall entry tracing
> - Test %rax for the syscall number, not %eax
> * wireless extensions: fix kernel heap content leak (CVE-2010-2955)
> * KEYS (CVE-2010-2960):
> - Fix RCU no-lock warning in keyctl_session_to_parent()
> - Fix bug in keyctl_session_to_parent() if parent has no session keyring
>
> -- dann frazier <dannf at debian.org> Fri, 17 Sep 2010 15:27:04 -0600
>
> Is this intentionally urgency=low or not?
>
> http://packages.qa.debian.org/l/linux-2.6.html says
>
> * Too young, only 2 of 10 days old
> * Not touching package due to block request by freeze (contact
> debian-release if update is needed)
Josip,
The release team has forced this migration.
--
dann frazier
More information about the Secure-testing-team
mailing list