Hi, Due to kernel-sec repository, those two CVEs are fixed. http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2478 http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2537
and debian/patches/bugfix/all/stable/2.6.32.17.patch was introduced in 2.6.32-19. So, those two bugs in lenny-backports, Squeeze, Sid and experimental are not affected now. > squeeze 2.6.32-20 vulnerable > lenny-backports 2.6.32-20~bpo50+1 vulnerable > sid 2.6.32-21 vulnerable > experimental 2.6.35-1~experimental.2 vulnerable They won't note it to changelog, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594491 -- Regards, Hideki Yamane henrich @ debian.or.jp/org http://wiki.debian.org/HidekiYamane -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
