--nextPart1770374.pxppWBdyd9
Content-Type: Text/Plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

In <20110509043430.GA1984@cox.net>, Robert Holtzman wrote:
>On Sun, May 08, 2011 at 10:08:31PM +0200, Florian Weimer wrote:
>> * Kelly Dean:
>> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=3DCVE-2010-2943 was
>> > published Sept 30, 2010, and says that Linux 2.6.32.5 is
>> > vulnerable. Squeeze uses 2.6.32-5, built on Jan 12, 2011. Is
>> > Squeeze's kernel fixed, or does it have the vulnerability?
>>=20
>> According to our records, this issue was addressed in version
>> 2.6.32-31 of the linux-2.6 package, which is also the version
>> currently in sqeeze.
>
>If so, why is my squeeze installation, fully updated, showing 2.6.32-5?

Because you don't understand Debian kernel packaging.

% apt-cache policy linux-image-2.6.32-5-amd64
linux-image-2.6.32-5-amd64:
  Installed: 2.6.32-31
  Candidate: 2.6.32-31
  Version table:
     2.6.32-34 0
        850 http://127.0.0.1/debian/ squeeze-proposed-updates/main amd64=20
Packages
 *** 2.6.32-31 0
        900 http://127.0.0.1/debian/ squeeze/main amd64 Packages
        100 /var/lib/dpkg/status

The package name is "linux-image-2.6.32-5-amd64"; the package version is=20
"2.6.32-31"; the .deb file would be named "linux-image-2.6.32-5-
amd64_2.6.32-31.deb".

=46or normal (i.e. non-meta-) packages:  The package name is (currently) of=
 the=20
form "linux-image-$upstream_version-$ABI_version-$arch"; the package versio=
n=20
is "$upstream_version-$debian_version" -- like most other packages.

Part of the version is in the package name to allow for co-installation.  A=
=20
similar naming is used for shared libraries for the same purpose.  Dependin=
g=20
on upstream support (and maintainer support) for co-installation, all or pa=
rt=20
of the version string may be included in package, directory, and file names.
=2D-=20
Boyd Stephen Smith Jr.                   ,=3D ,-_-. =3D.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

--nextPart1770374.pxppWBdyd9
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAk3HhGgACgkQ55pqL7G1QFlUUQCfZ1zXQQIWP/aJ+PvIiNJW06Hv
5vkAn2vswsHczfW8kOT28GTR8Yf7Noyd
=tttV
-----END PGP SIGNATURE-----

--nextPart1770374.pxppWBdyd9--


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/201105090106.32559.bss@iguanasuicide.net