Re: [DSA 1494-1] Still vulnerable?

From: Jens Schüßler <jgs(at)trash.net>
Date: Tue Feb 12 2008 - 16:49:13 EST

• Florian Weimer <fw@deneb.enyo.de> wrote:
  > * Jens Schüßler:
  >
  > >> Not in our tests. Are you sure you're running the new kernel? What
  > >> does "uname -a" say?
  >
  > > $uname -a
  > > Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686 GNU/Linux
  > >
  > > As I said, fresh compiled from the new sources-Packet
  >
  > Please send me your copy of fs/splice.c.
  

Sorry, i deleted the source meanwhile.
>
> I just downloaded linux-source-2.6.18 2.6.18.dfsg.1-18etch1, and it does
> contain the correct version. This suggests some sort of problem at your
> end, I'm afraid.

Maybe, I think so, but I don't know why. I just build it again as I said in the other posting, and now it works.

But the buildinfo shows the same source package version than before...

$zcat /usr/share/doc/linux-image-2.6.18+2008-02-12/buildinfo.gz binutils-2.17-3
dpkg-1.13.25
dpkg-dev-1.13.25

gcc-4.1.1-15
gcc-3.3-base-3.3.6-15
gcc-3.4-base-3.4.6-5
gcc-4.1-4.1.1-21
gcc-4.1-base-4.1.1-21

libc6-2.3.6.ds1-13etch4
libc6-dev-2.3.6.ds1-13etch4
make-3.81-2
perl-5.8.8-7etch1
this was built on a machine with the kernel: Linux algol 2.6.22+2008-02-12 #1 Tue Feb 12 20:29:32 CET 2008 i686 GNU/Linux using the compiler:
gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) kernel source package used:
linux-source-2.6.18-2.6.18.dfsg.1-18etch1 applied kernel patches: Received on Tue Feb 12 17:04:01 2008