Re: CVE-2017-5754 - ETA?
- Date: Mon, 08 Jan 2018 18:38:51 +0100
- From: Sven Joachim <svenjoac@xxxxxx>
- Subject: Re: CVE-2017-5754 - ETA?
On 2018-01-08 17:04 +0000, Tixy wrote:
> On Mon, 2018-01-08 at 11:36 -0400, francis picabia wrote:
>> > The DSA has been (will be shortly?) released for stable. Unstable,
>> > testing, and likely oldstable will probably follow soon.
>> > https://security-tracker.debian.org/tracker/DSA-4078-1
>> Thanks for the response. I'm looking now and I see stretch and wheezy
>> addressed, but not jessie. Odd. Why would old-stable be a challenge?
> It's a major set of changes that needs to be ported and tested. Perhaps
> there we're more companies and distro's working on the 3.2 kernel in
> Wheezy compared to 3.16 as used in Jessie.
I doubt that, both 3.2 and 3.16 are maintained by Ben Hutchings and are
not used by any major distro except Debian AFAIK.
> Or perhaps the latter port hit problems, who knows.
Definitely, both Ben and testers/reviewers hit showstopper bugs
including failure to boot at all. See the thread on the stable@vger
list at https://www.spinics.net/lists/stable/index.html#209049.