On 2016-08-14 16:00, Salvatore Bonaccorso wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian....@packages.debian.org > Usertags: pu > > Dear SRM > > I would like to propose the following hardening to src:gnupg2 which was > found during the analysis of a vulnerability report to the security team > and related to > https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf > and developed by NIIBE Yutaka. The underlying problem in hardware cannot > be solved in software (and thus we don't want to issue a DSA for it, and > give possibly this false impression), and as pointed out by Florian
I wonder if it would be a good idea to release an announcement without any software change recommending people to not enable KSM on their hosts? Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net