Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 338855 - Please mark =sys-kernel/gentoo-sources-2.6.34-r10
Summary: Please mark =sys-kernel/gentoo-sources-2.6.34-r10
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
URL:
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks: CVE-2010-3301
  Show dependency tree
 
Reported: 2010-09-26 21:21 UTC by Mike Pagano
Modified: 2010-09-27 00:32 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Pagano gentoo-dev 2010-09-26 21:21:34 UTC 
This will make sure gentoo has a stable kernel that includes the fix for CVE-2010-3301, a root access vulnerability.
Comment 1 kfm 2010-09-26 22:21:34 UTC 
2.6.34.7 does NOT contain the fix for CVE-2010-3301. I don't think it is worth investing any energy at all in stabilising any vanilla-sources-2.6.34.x release. For a detailed explanation as to why and a recommendation that I think would better serve vanilla-sources users in general, see bug 338739.
Comment 2 kfm 2010-09-26 22:57:48 UTC 
I just learned from asn that 2.6.35.5 is off the cards due to bug 334341. This is a tricky situation then as the only other safe version of vanilla-sources is 2.6.32.22.
Comment 3 Mike Pagano gentoo-dev 2010-09-26 23:32:32 UTC 
2.6.34-r10 contains the needed patches, not vanilla sources.
Comment 4 Mike Pagano gentoo-dev 2010-09-26 23:52:22 UTC 
-r11 coming with an additional security patch.
Comment 5 kfm 2010-09-27 00:09:10 UTC 
> 2.6.34-r10 contains the needed patches, not vanilla sources. 

I know, but for the record, the original summary requested that vanilla-sources-2.6.34.7 be stabilised also, with the inference that it contained a fix. My comments were in response to that aspect of the request.