Re: Status of brk vulnerability in kernel-source-2.4.20-11, 2.4.21-5, 2.4.22-3?

On Wed, Dec 03, 2003 at 05:38:11PM -0500, Nathanael Nerode wrote: The security advisory does not mention these (the current 2.4.x kernels available in sarge), and the upstream fix is apparently not until 2.4.23. No offense... but (a) why would the DSA mention Sarge, and (b) isn't it obvious

Status of brk vulnerability in kernel-source-2.4.20-11, 2.4.21-5, 2.4.22-3?

The security advisory does not mention these (the current 2.4.x kernels available in sarge), and the upstream fix is apparently not until 2.4.23. Can we get an announcement as to the safety of these Debian packages? -- Nathanael Nerode neroden at gcc.gnu.org