On Thu, Sep 02, 2010 at 12:01:50AM +0900, Hideki Yamane wrote: > Hi, > > Due to kernel-sec repository, those two CVEs are fixed. > http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2478 > http://svn.debian.org/wsvn/kernel-sec/retired/CVE-2010-2537 > > and debian/patches/bugfix/all/stable/2.6.32.17.patch was introduced > in 2.6.32-19. So, those two bugs in lenny-backports, Squeeze, Sid and > experimental are not affected now. > > > squeeze 2.6.32-20 vulnerable > > lenny-backports 2.6.32-20~bpo50+1 vulnerable > > sid 2.6.32-21 vulnerable > > experimental 2.6.35-1~experimental.2 vulnerable > > They won't note it to changelog, see > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594491
Thanks, I've modified the Security Tracker. If you want to have direct access to the Tracker, please see http://security-tracker.debian.org/tracker/data/report and request access to the Alioth project. Cheers, Moritz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
