I'd be grateful if someone could please try to deconfuse me about what the current stable kernel 2.4.18 source package is ..
DSA 403-1 (http://www.debian.org/security/2003/dsa-403) states that the do_brk security hole was fixed in vanilla kernel 2.4.23, and that "For Debian it has been fixed in version 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images" But when I ran apt-get a couple of days ago, to upgrade my existing kernel-source package, what I got was version 2.4.18-14, rather than the 2.4.18-12 that the above implies. Specifically, what I got was http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14_all.deb This source deb may well be Good Stuff, but how does it relate to the security advisory ? Does it mean there have been more fixes since the DSA ? TIA for any light anyone can shed. Nick Boyce Bristol, UK -- "We did a risk management review. We concluded that there was no risk of any management." -- Hugo Mills <[EMAIL PROTECTED]>
