Hi everybody,
just curious: any particular reason why we didn't see a backport any sooner of the integer overflow in the brk system call (see recent announcement by Wichert Akkerman: http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html) like we did with the ptrace issue some time back?
Wasn't it (the brk vuln) considered to be threatening enough to justify a quick fix, or was it because the fix by Andrew Morton didn't say (kerne changelog) enough about the potential seriousness of the vuln, or?
-- B/R, Frederik Dannemare
