is 2.6.26-19lenny1 legit?


is 2.6.26-19lenny1 legit?

by Tom Vier-3

I don't see any announcement on security-announce or on security.debian.org!
Are these packages legit?

linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
linux-headers-2.6.26-2-common_2.6.26-19lenny1_amd64.deb
linux-libc-dev_2.6.26-19lenny1_amd64.deb
linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb

linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb
linux-libc-dev_2.6.26-19lenny1_i386.deb


Here are the last two changelog entries I found in the amd64 deb
(linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb). I couldn't find the
changelog on packages.debian.org.


linux-2.6 (2.6.26-19lenny1) stable-security; urgency=high

  * appletalk: Fix skb leak when ipddp interface is not loaded
    (CVE-2009-2903)                                          
  * KVM: x86: Disallow hypercalls for guest callers in rings > 0
    (CVE-2009-3290)                                            
  * selinux: prevent local users from bypassing mmap_min_addr
    in unconfined domains (CVE-2009-2695)                    
  * fix information leak in llc_ui_getname (CVE-2009-3001)
  * net: fix information leak due to uninitialized structures in
    getname functions (CVE-2009-3002)                          
  * eCryptfs: Prevent lower dentry from going negative during unlink
    (CVE-2009-2908)                                                
  * net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
  * x86: Don't leak 64-bit kernel register values to 32-bit processes
    (CVE-2009-2910)                                                  
  * NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
    union (CVE-2009-3286)                                              
  * r8169: use hardware auto padding (CVE-2009-3613)

 -- dann frazier <dannf@...>  Sat, 17 Oct 2009 10:52:13 -0600

linux-2.6 (2.6.26-19) stable; urgency=high

  [ Moritz Muehlenhoff ]
  * Input: ALPS - add signature for Toshiba Satellite Pro M10
    (Closes: #434722)                                        

  [ dann frazier ]
  * aacraid: Fix regression w/ bigmem kernel (Closes: #537771)
  * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
  * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
    (CVE-2009-2847)                                                    
  * execve: must clear current->clear_child_tid (CVE-2009-2848)
  * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
    attributes (CVE-2009-2849)                                        

 -- dann frazier <dannf@...>  Tue, 18 Aug 2009 22:45:27 -0600


--
Tom Vier <nester@...>
DSA Key ID 0x15741ECE


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: is 2.6.26-19lenny1 legit?

by Michael Gilbert

On Fri, 23 Oct 2009 11:04:03 -0400, Tom Vier wrote:

> I don't see any announcement on security-announce or on security.debian.org!
> Are these packages legit?
>
> linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
> linux-headers-2.6.26-2-common_2.6.26-19lenny1_amd64.deb
> linux-libc-dev_2.6.26-19lenny1_amd64.deb
> linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
>
> linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb
> linux-libc-dev_2.6.26-19lenny1_i386.deb

yes, these updates are legitimate.  i saw some recent activity working
on the security announcement for this, but for some reason it has not
gone out yet.  maybe an oversight?

mike




Re: is 2.6.26-19lenny1 legit?

by dann frazier

On Fri, Oct 23, 2009 at 11:23:13AM -0400, Michael Gilbert wrote:

> On Fri, 23 Oct 2009 11:04:03 -0400, Tom Vier wrote:
> > I don't see any announcement on security-announce or on security.debian.org!
> > Are these packages legit?
> >
> > linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
> > linux-headers-2.6.26-2-common_2.6.26-19lenny1_amd64.deb
> > linux-libc-dev_2.6.26-19lenny1_amd64.deb
> > linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
> >
> > linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb
> > linux-libc-dev_2.6.26-19lenny1_i386.deb
>
> yes, these updates are legitimate.  i saw some recent activity working
> on the security announcement for this, but for some reason it has not
> gone out yet.  maybe an oversight?

I sent out the DSA last night, but it appears to have been rejected
from the list. Last time this happened it was due to a non-ascii
character in the text, I'll retry in a moment.

--
dann frazier

