Mombu the GNU Linux Forum

1 2nd July 19:47
dominic hargreaves
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities



All these issues are also listed as affecting 2.6.18 on
<http://security-tracker.debian.net/tracker/>. Are there plans to
release fixed packages?

Cheers,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


 


2 2nd July 19:47
dominic hargreaves
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities



Yup, that's pretty much what I expected to hear; thanks for confirming.

May I make a suggestion that you include a comment along these lines in
the advisory texts? It would help reassure users that things haven't been
forgotten about greatly.

Cheers,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


3 2nd July 19:48
dominic hargreaves
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


That looks fine. Thanks for looking at this and all your kernel security
support work.

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


4 3rd July 17:35
dann frazier
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


Yes, this has been a FAQ since the release of etchnhalf. I'll see
about adding something to the text template. Does this look ok?

Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases. All known security issues are
carefully tracked against both packages and both packages will
receive security updates until security support for Debian 'etch'
ceases. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, non-critical 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog"
fashion.

--
dann frazier


5 3rd July 17:35
dann frazier
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


Some do, some don't. The security tracker is the canonical resource
- though you're welcome to monitor the kernel and kernel-sec svn
repositories on alioth if you want more granular information.


Yes - 2.6.18 is in stable, and as such will be security supported for
at least another year. Minor/local DoS security issues in the kernel
are very frequent, so updated packages are constantly in
preparation. Preparing kernel updates is resource intensive so, unless
there's a severe issue, etch users should expect 2.6.18 and 2.6.24
updates to be staggered.

--
dann frazier


6 3rd July 17:35
marcin owsiany
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


I'd suggest you add something more explicit, maybe:

[fashion], that is when higher-severity issues are fixed.

or something similar.

--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216


7 3rd July 17:35
dann frazier
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


Well, I don't think that's what I mean. High-severity fixes will
release as soon as possible - likely simultaneously.

--
dann frazier


8 3rd July 17:35
marcin owsiany
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


Well, that is what I meant as well, but my English is apparently not
good enough to express it. I think there is a single fact that the
reader should get from this:

Low severity fixes often wait until there is a need for a high-severity fix.

Does that sound better?

--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216


9 3rd July 17:35
moritz muehlenhoff
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


Not quite, in case of an emergency release such as the vmsplice issue (where
the exploit was posted in the wild) the low severity issues will rather
be postponed to a followup DSA.

Cheers,
Moritz


10 3rd July 17:35
marcin owsiany
External User
 
Posts: 1
Default New Linux 2.6.24 packages fix several vulnerabilities


I don't think my sentence implies that they never wait _even_ longer
than a high-severity fix. It just states that they wait.
Anyway, all I'm trying to achieve is make that FAQ entry easy to
understand for a non-native English speaker.

--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216

