Hosting Provided By

Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

From: Moritz Muehlenhoff <jmm(at)inutil.org>
Date: Sun Dec 16 2007 - 15:47:53 EST

Juan Gallego wrote:
> is sarge affected by this vulnerability? or has sarge been archived and i
> missed the announcement?

The main attack vector - pygrub/xen - doesn't exist in Sarge. The other attacks are more or less theoretical and hardly justify modifications to an important core package like this.

Cheers,

Moritz

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Sun Dec 16 16:33:06 2007

This message: [ Message body ]
Next message: William Chipman: "PCI vulnerability scan - PHP4 on Sarge"
Previous message: Robert B Jackson: "Robert B Jackson is on vacation."
In reply to: Juan Gallego: "Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:35 EDT