69266 – GLSA 200407-02 and 200407-16 may need update

Bug 69266 - GLSA 200407-02 and 200407-16 may need update

Summary: GLSA 200407-02 and 200407-16 may need update

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-10-28 07:11 UTC by Thierry Carrez (RETIRED)
Modified:	2004-10-29 01:09 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2004-10-28 07:11:34 UTC

200407-02 lists as affected, without any unaffected version:
sys-kernel/vanilla-sources <= 2.4.26

200407-16 lists as affected, without any unaffected version:
sys-kernel/mips-sources	< 2.4.26-r5
sys-kernel/vanilla-sources <= 2.4.26

Since vanilla-sources-2.4.27 and mips-sources-2.4.27-r1 are out, it would be interesting to look if all vulnerabilities are taken care of in 2.4.27 and to update old GLSAs accrodingly.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-10-28 11:54:35 UTC

I would say that 2.4.27 vanilla is still vulnerable to some of the vulnerabilities described in these two advisories. Plasmaroo: could you confirm ?

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2004-10-28 13:41:39 UTC

We leave "vanilla" as vanilla with no security fixes or anything, or at least that is how it usually goes.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2004-10-28 13:56:52 UTC

Hrm, misread the question. 2.4.27 should incorporate the needed fixes from both GLSAs, only missing item seems to be CAN-2004-0447 which is a IA64 fix, and vanilla-sources isn't keyworded "ia64" so it should be fine.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2004-10-29 01:09:30 UTC

Both GLSA fixed so that >=2.4.27 is OK.