Bug 69266

Summary:	GLSA 200407-02 and 200407-16 may need update
Product:	Gentoo Security	Reporter:	Thierry Carrez (RETIRED) <koon>
Component:	GLSA Errors	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:
Package list:		Runtime testing required:	---

Description Thierry Carrez (RETIRED) gentoo-dev

2004-10-28 07:11:34 UTC

200407-02 lists as affected, without any unaffected version:
sys-kernel/vanilla-sources <= 2.4.26

200407-16 lists as affected, without any unaffected version:
sys-kernel/mips-sources	< 2.4.26-r5
sys-kernel/vanilla-sources <= 2.4.26

Since vanilla-sources-2.4.27 and mips-sources-2.4.27-r1 are out, it would be interesting to look if all vulnerabilities are taken care of in 2.4.27 and to update old GLSAs accrodingly.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-10-28 11:54:35 UTC

I would say that 2.4.27 vanilla is still vulnerable to some of the vulnerabilities described in these two advisories. Plasmaroo: could you confirm ?

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2004-10-28 13:41:39 UTC

We leave "vanilla" as vanilla with no security fixes or anything, or at least that is how it usually goes.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2004-10-28 13:56:52 UTC

Hrm, misread the question. 2.4.27 should incorporate the needed fixes from both GLSAs, only missing item seems to be CAN-2004-0447 which is a IA64 fix, and vanilla-sources isn't keyworded "ia64" so it should be fine.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2004-10-29 01:09:30 UTC

Both GLSA fixed so that >=2.4.27 is OK.