[Pkg-trac-devel] Security updates for CVE-2008-{2951,3328}

Nico Golde nico at ngolde.de
Sat Aug 9 19:18:38 UTC 2008


Hi Roberto,
* Roberto C. Sánchez <roberto at connexer.com> [2008-08-09 18:57]:
> I am using trac on Etch on one of my servers.  I was recently alerted by
> one of my users to these two CVEs:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2951
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3328
> 
> I notice that the last update to trac in Etch has a changelog entry dated
> May 21, 2008.  Is an update being prepared for these two CVEs?  Should
> I file a bug against the package (there is currently no bug filed)?

There is no bug filed because at the time those issues were 
handled this was already fixed in unstable. They are tracked 
via:
http://security-tracker.debian.net/tracker/CVE-2008-2951
http://security-tracker.debian.net/tracker/CVE-2008-3328

Feel free to open an additional bug for stable.

Given the impact of the issues I am not sure if they warrant 
a DSA. However I think if you are going to prepare an update 
this will be happily handled.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.