control: tags -1 + moreinfo Hi Christian,
Christian Pernegger <[email protected]> writes: > This is the most recent e-mail. (Still no update in sight.) > > Thank you, > Christian > > ---------- Forwarded message ---------- > From: <[email protected]> > Date: 2016-05-09 2:00 GMT+02:00 > Subject: Debian security status of crabtree > To: [email protected] > > > Security report based on the jessie release > > *** Available security updates > > CVE-2013-4312 The Linux kernel before 4.4.1 allows local users to... > <http://security-tracker.debian.org/tracker/CVE-2013-4312> > - linux-image-3.16.0-4-amd64 (medium urgency) This issue is not reproducible for me: $ docker run -t -i debian:jessie /bin/bash root@f7a9763172e3:/# apt update root@f7a9763172e3:/# apt install linux-image-3.16.0-4-amd64 root@f7a9763172e3:/# apt install debsecan ca-certificates root@f7a9763172e3:/# apt-cache policy linux-image-3.16.0-4-amd64 linux-image-3.16.0-4-amd64: Installed: 3.16.7-ckt25-2 Candidate: 3.16.36-1+deb8u2 Version table: 3.16.36-1+deb8u2 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 3.16.36-1+deb8u1 0 500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages *** 3.16.7-ckt25-2 0 500 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages 100 /var/lib/dpkg/status root@f7a9763172e3:/# debsecan --format=report --suite=jessie|grep CVE-2013-4312 root@f7a9763172e3:/# In https://security-tracker.debian.org/tracker/CVE-2013-4312, I see the issue marked as fixed for jessie in version 3.16.7-ckt20-1+deb8u4, which is older than what you have installed. I’m wondering if this might have been a server-side data glitch. Can you still reproduce the issue? -- Best regards, Michael
