[Cc'ing debian-kernel for clarification]

Joey Hess wrote:
> Here are the ones the testing security team is currently tracking
> that are fixed in unstable but don't yet have a fix in sarge, plus a few
> others of interest:

It seems as if the local DoS in the a.out loader (only exploitable when VM memory overcommitment is turned on) is still unfixed in kernel-source-2.6.8: The changelog for 2.6.8-9 mentions another unrelated elf/a.out vulnerability, but I can't find the proposed patch by Chris Wright in the diff.gz, so maybe this has slipped through until now or was fixed in a different way, I don't know:

http://marc.theaimsgroup.com/?l=linux-kernel&m=110023019006886&w=2

Cheers,
Moritz