[PKG-IRC-Maintainers] ngircd remote exploit, 2nd time...

Thijs Kinkhorst thijs at debian.org
Fri Jan 18 10:42:47 UTC 2008


Hi Mario,

On Thu, January 17, 2008 21:49, Mario Iseli wrote:
> I got in contact with you at the end of November 2007 because of
> CVE-2007-6034 and CVE-2007-6062, the answer was that the bug isn't
> interesting enough. Now, two days ago - there was a new security bug
> (CVE-2008-0285 aka #461067). This one is remotely exploitable as well. So
> - what now? Don't you find it a good idea to proceed now with an
> official security upload? I already did it for unstable and I'd have a fix
> for Etch ready too. Please get in contact with me soon, otherwise I will
> look with Andreas Barth that it will be included in the next Etch
> point-release.

If you can show me the proposed packages or debdiff I can judge if this
would be suitable for stable. If we can fix two remote crashes in one
DSA it may be worth it, if the patch is sufficiently uncomplicated.

I'm tracking this in RT # 473


thanks,
Thijs



