Am Mit, 2003-05-07 um 17.05 schrieb Adrian 'Dagurashibanipal' von Bidder: > On Wednesday 07 May 2003 14:53, Peter Holm wrote: > > > The actual kernel sources that one can get via apt-get, are they > > already patched?
kernel-source-2.4.20 in unstable is patched. > I fear there's no such place. The security announcements are only made when a > fixed package is released, and to my knowledge there is no centralized debian > specific place to get security announcements for security bugs where no patch > is (yet) available. I am not quite sure how much the security team feels responsible for the kernel. The ptrace bug is not the only problem as there are other security problems (for example in the netfilter code) that have never been fixed in stable. Additionally, often patches are only available for current kernel versions, but not for older ones that are all available within woody. How far back must patches be backported? Is there a clear policy about this issue? Sebastian