Josip Rodin
2010-Sep-20 07:50 UTC
[Secure-testing-team] new .32 kernel not urgent for testing?
Hi,
http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-23/changelog
says:
linux-2.6 (2.6.32-23) unstable; urgency=low
[...]
[ dann frazier ]
* compat: Make compat_alloc_user_space() incorporate the access_ok()
(CVE-2010-3081)
* x86-64, compat (CVE-2010-3301):
- Retruncate rax after ia32 syscall entry tracing
- Test %rax for the syscall number, not %eax
* wireless extensions: fix kernel heap content leak (CVE-2010-2955)
* KEYS (CVE-2010-2960):
- Fix RCU no-lock warning in keyctl_session_to_parent()
- Fix bug in keyctl_session_to_parent() if parent has no session keyring
-- dann frazier <dannf at debian.org> Fri, 17 Sep 2010 15:27:04 -0600
Is this intentionally urgency=low or not?
http://packages.qa.debian.org/l/linux-2.6.html says
* Too young, only 2 of 10 days old
* Not touching package due to block request by freeze (contact
debian-release if update is needed)
--
2. That which causes joy or happiness.
dann frazier
2010-Sep-20 22:21 UTC
[Secure-testing-team] new .32 kernel not urgent for testing?
On Mon, Sep 20, 2010 at 09:50:01AM +0200, Josip Rodin wrote:> Hi, > > http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-23/changelog > says: > > linux-2.6 (2.6.32-23) unstable; urgency=low > [...] > > [ dann frazier ] > * compat: Make compat_alloc_user_space() incorporate the access_ok() > (CVE-2010-3081) > * x86-64, compat (CVE-2010-3301): > - Retruncate rax after ia32 syscall entry tracing > - Test %rax for the syscall number, not %eax > * wireless extensions: fix kernel heap content leak (CVE-2010-2955) > * KEYS (CVE-2010-2960): > - Fix RCU no-lock warning in keyctl_session_to_parent() > - Fix bug in keyctl_session_to_parent() if parent has no session keyring > > -- dann frazier <dannf at debian.org> Fri, 17 Sep 2010 15:27:04 -0600 > > Is this intentionally urgency=low or not? > > http://packages.qa.debian.org/l/linux-2.6.html says > > * Too young, only 2 of 10 days old > * Not touching package due to block request by freeze (contact > debian-release if update is needed)Josip, The release team has forced this migration. -- dann frazier