|as of “Sat Oct 20 15:05:37 2001” UTC/GMT, there are packages in incoming.debian.org with kernel and potato in the name, so these should be coming out (possibly today as they look to have just been uploaded this morning, US time).
the package changelogs refer to kernel-source 22.214.171.124, which is also in incoming and its changelog http://incoming.debian.org/kernel-source-2.2.19_126.96.36.199-1_i386.changes mentions the patches to the two exploits. so these debs should take care of all our problems.
remember, afaik, that these are local exploits, so don’t get in a frenzy or panic about your personal machine at home which only you use (with only one user account besides root; you do have TWO accounts don’t you, and you don’t use root as your primary login, RIGHT? ;-), but just apt-get these packages from your nearest debian mirror at your earliest convenience. now, for admins with users on linux boxes, remote or local shell access, you have back-ups and auditing, RIGHT? 😉