Aurelien Jarno <aurel...@aurel32.net> schrieb: > On 2016-08-14 16:00, Salvatore Bonaccorso wrote: >> Package: release.debian.org >> Severity: normal >> Tags: jessie >> User: release.debian....@packages.debian.org >> Usertags: pu >> >> Dear SRM >> >> I would like to propose the following hardening to src:gnupg2 which was >> found during the analysis of a vulnerability report to the security team >> and related to >> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf >> and developed by NIIBE Yutaka. The underlying problem in hardware cannot >> be solved in software (and thus we don't want to issue a DSA for it, and >> give possibly this false impression), and as pointed out by Florian > > I wonder if it would be a good idea to release an announcement without > any software change recommending people to not enable KSM on their > hosts?
I think a NEWS file for the kernel would be best? Cheers, Moritz