[Full-Disclosure] Gentoo versioning [was: [ GLSA 200403-02 ] Linux kernel do_mremap local privilege escalation vulnerability]

From: Marcin Owsiany (marcin_at_owsiany.pl)
Date: 03/24/04

  • Next message: christopher hobbs: "Re: [Full-Disclosure] New link - ISS 'Witty' Worm Analyzed" 
    To: full-disclosure@lists.netsys.com
Date: Wed, 24 Mar 2004 19:00:39 +0100

    On Sat, Mar 06, 2004 at 11:40:27PM +0000, Tim Yamin wrote:
    > ~ -------------------------------------------------------------------
    > ~ Kernel / Unaffected Version / Manual Update?
    > ~ -------------------------------------------------------------------
    >
    > ~ aa-sources................2.4.23-r1...................YES..........
    > ~ alpha-sources.............2.4.21-r4................................
    > ~ ck-sources................2.4.24-r1...................YES..........
    > ~ ck-sources................2.6.2-r1....................YES..........
    [...]
    > ~ IMPORTANT: IF YOUR KERNEL IS MARKED AS "YES" ABOVE, THEN YOU SHOULD
    > ~ UPDATE YOUR KERNEL EVEN IF PORTAGE REPORTS THAT THE SAME
    > ~ VERSION IS INSTALLED.

    I don't know Gentoo, but could someone describe the reason for this
    note? It seems something is very broken. Does that mean that version
    string does not uniquely identify a version of package?

    regards,

    Marcin 

    -- 
Marcin Owsiany <marcin@owsiany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: christopher hobbs: "Re: [Full-Disclosure] New link - ISS 'Witty' Worm Analyzed"

    Relevant Pages

    • Re: Controlling Javascript from server side
      ... but five different language implementations here. ... 'true' means that the request must be handled asynchronously. ... There is exactly *no* reason for such a thing here. ... | percent-endoded string). ...
      (comp.lang.javascript)
    • Re: Is that a good design?
      ... I would have been able to reason the first gotcha. ... public string FirstName; ... has a reference architecture that shows the use of patterns. ... Public Shared Function GetUserInstance() As User ...
      (microsoft.public.dotnet.framework)
    • Re: packagemaker script assistance needed.
      ... Is there a reason you're conditionalizing the whole block instead of one ... string will do as you want.) ...
      (comp.sys.mac.programmer.help)
    • Re: Allow Zero Length String Property - 2000 vs 2003
      ... Well, if that was the reason, I believe my second point still stands - ... Web Interfaces do empty strings. ... > "Brendan Reynolds" <brenreyn at indigo dot ie> wrote in message ... >> Are you the same person who posted the 'Allow Zero Length String in MS ...
      (microsoft.public.access.tablesdbdesign)
    • Re: a method to make js have the ability to inherit
      ... but without the implied type-conversion of the string ... that uses the name of a specific constructor. ... programmer has no idea at all what types of object they are ... no reason for ever doing so. ...
      (comp.lang.javascript)