On 2024-05-15 at 03:05, Hans wrote: > Dear developers, As usual, most of us here are not Debian developers, even if some of us may be software developers. > in April 2024 the security hole CVE-2023-6546 was discovered in linux-image, and I believe, it > is fixed in kernel 6.1.0 (from debian/stable) as soon after this a new kernel was released. > > However, there is no new kernel 6.5.0-*-bpo released at that time, so my question: > > Does anyone know, if this fix was also integrated in kernel 6.5.0-*.bpo ? I don't have a definitive answer, but you might look at: https://security-tracker.debian.org/tracker/CVE-2023-6546 The only place it mentions 6.5 is in the Notes section, where it mentions 6.5-rc7 (with a kernel.org link) in the context of a statement that the Linux kernel in Debian buster does not include the vulnerable code. I would therefore suspect that any 6.5.x kernel probably was not affected by this vulnerability to begin with. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature