Fixed IOS datestamps?

Steve Rude writes:

Quick question, I'm not sure if this is applicable, but I am having some
confusion of what versions of code to upgrade to, and a call to the TAC
didn't help. All apologies if this is off topic at all.

We are currently running 12.2(8)T5 on several of our 2600 series routers
and according to the advisory, we should upgrade to 12.2(8)T10 to get
the fix. I downloaded 12.2(8)T10, and the date is June 16th. ?? What
gives, that seems really old for a rebuild.

The same thing with 12.2(15)T5, the date is June 25th. Am I downloading
the right code?

I don't want to reboot every router on our network 2 times.

Please keep in mind that the releases shown in the software table of a
Cisco Security Advisory are the first fixed releases for a train.

They are _NOT_ necessarily recommended releases for your situation. To
get a recommendation, you need to talk to the TAC or your support team.

The purpose of the first fixed release table is to help you determine if
you are running a vulnerable release. If you happen to be running an
old rebuild that's shown in that table, then you're not vulnerable.

If you happen to be running an old rebuild that's _newer_ than the one
in the same train shown in that table, you're still not vulnerable.

Feel free to ask the TAC for a later release than those shown in the FFR
table. They or your support team are much better able to help you find
the best release for your situation. The advisory can't possibly do
that; all it can tell you is if you are vulnerable or not.

Hope this helps. I know it's a confusing issue.

Disclaimer: I'm not a member of the PSIRT team anymore, nor do I work in
the TAC. I only a former PSIRT member trying to lessen the load on the
TAC and the Cisco PSIRT.