[Secure-testing-team] what else needs a DTSA right now?
Steve Langasek
vorlon at debian.org
Tue Aug 30 20:53:13 UTC 2005
On Tue, Aug 30, 2005 at 10:09:16AM -0400, Joey Hess wrote:
> Can anyone suggest any more good candidates for DTSAs in the list of
> unfixed holes in testing? I've been trying to cover all the remote
> exploits and bad local exploits and aside from updating the kernel and
> mozilla thunderbird (which I can't get to build), I don't see many
> other obvious candidates of that nature.
> I also looked at these:
> - zlib: too young in unstable, would rather not add new upstreams of
> core libs to the repo until we know what can go wrong
There's zlib1g/1:1.2.2-4.sarge.2 in t-p-u on spohr for 10 of 11
architectures; getting the s390 binaries accepted requires ftp-master
intervention because a race condition was hit with the upload, but once
that's done, we can push the same DSA binaries directly into testing...
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050830/c56343d7/attachment.pgp
More information about the Secure-testing-team
mailing list