Hello Michael,

no, it seems to be fine now. The phantom kernel update appeared for the
last time in the e-mail dated June 4th (CEST).

Thank you,
Christian

2016-11-14 9:45 GMT+01:00 Michael Stapelberg <[email protected]>:

> control: tags -1 + moreinfo
>
> Hi Christian,
>
> Christian Pernegger <[email protected]> writes:
>
> > This is the most recent e-mail. (Still no update in sight.)
> >
> > Thank you,
> > Christian
> >
> > ---------- Forwarded message ----------
> > From: <[email protected]>
> > Date: 2016-05-09 2:00 GMT+02:00
> > Subject: Debian security status of crabtree
> > To: [email protected]
> >
> >
> > Security report based on the jessie release
> >
> > *** Available security updates
> >
> > CVE-2013-4312 The Linux kernel before 4.4.1 allows local users to...
> >   <http://security-tracker.debian.org/tracker/CVE-2013-4312>
> >   - linux-image-3.16.0-4-amd64 (medium urgency)
>
> This issue is not reproducible for me:
>
> $ docker run -t -i debian:jessie /bin/bash
> root@f7a9763172e3:/# apt update
> root@f7a9763172e3:/# apt install linux-image-3.16.0-4-amd64
> root@f7a9763172e3:/# apt install debsecan ca-certificates
> root@f7a9763172e3:/# apt-cache policy linux-image-3.16.0-4-amd64
> linux-image-3.16.0-4-amd64:
>   Installed: 3.16.7-ckt25-2
>   Candidate: 3.16.36-1+deb8u2
>   Version table:
>      3.16.36-1+deb8u2 0
>         500 http://security.debian.org/ jessie/updates/main amd64 Packages
>      3.16.36-1+deb8u1 0
>         500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
>  *** 3.16.7-ckt25-2 0
>         500 http://httpredir.debian.org/debian/ jessie-updates/main amd64
> Packages
>         100 /var/lib/dpkg/status
> root@f7a9763172e3:/# debsecan --format=report --suite=jessie|grep
> CVE-2013-4312
> root@f7a9763172e3:/#
>
> In https://security-tracker.debian.org/tracker/CVE-2013-4312, I see the
> issue marked as fixed for jessie in version 3.16.7-ckt20-1+deb8u4, which
> is older than what you have installed.
>
> I’m wondering if this might have been a server-side data glitch.
>
> Can you still reproduce the issue?
>
> --
> Best regards,
> Michael
>

Reply via email to