It's clear that it's important to fix the brk vulnerability. It is intended to release sarge with a 2.4 kernel as the default, I believe.
Therefore, it is imperative that there be a 2.4 kernel in sarge which has the brk vulnerability patched. Currently, none of the 2.4 kernels in sarge or sid have it fixed, apparently. Could one of the Debian kernel maintainers please confirm that there are plans to have either 2.4.23, or a patched version of 2.4.22, available in sid as soon as possible? Or, if there aren't such plans.... -- Nathanael Nerode <neroden at gcc.gnu.org> http://home.twcny.rr.com/nerode/neroden/fdl.html
