[Tails-dev] Linux CVE-2014-3153 and Tails 1.0.1

このメッセージを削除

このメッセージに返信
著者: intrigeri
日付:  
To: tails-dev
題目: [Tails-dev] Linux CVE-2014-3153 and Tails 1.0.1
Hi,

our stable branch, on which 1.0.1 will be based, still installs a 3.12
kernel we had imported a while ago. I think we should really fix the
last serious issue (CVE-2014-3153) that was unembargoed yesterday, in
1.0.1.

I see two options:

  a) find a set of backported patches and build our own 3.12 kernel,
     for once (note that for different kernel versions, the fixes are
     subtly different, from what I've read on oss-security, so this
     might not be trivial)


  b) upgrade to current sid's kernel (the one we would have shipped
     in 1.1 if it hadn't been postponed)


I'm in favor of (b): even if it's a bit risky, it feels less risky
than trying to adapt security fixes on a kernel they weren't
meant for.

What do others, and especially the release manager, think?

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc