[Secure-testing-team] Question about CVE-2006-1513
Francesco Poli
frx at firenze.linux.it
Sun Jul 2 17:15:07 UTC 2006
On Sun, 02 Jul 2006 16:33:29 +0200 Florian Weimer wrote:
> * Francesco Poli:
>
> > A naive question about an issue that I found on the security bug
> > tracker[1]: CVE-2006-1513[2] is listed as fixed in stable and
> > oldstable by DSA-1041-1, but is still considered unfixed in testing
> > and unstable. On the other hand the issue is fixed in
> > stable-security by version 1.3.3-3sarge1, while unstable and testing
> > still have version 1.3.3-3 (which is vulnerable).
> > Isn't it possible to just forward-port 1.3.3-3sarge1 to unstable (as
> > version 1.3.3-4) and to testing-security (as version 1.3.3-3etch1)?
>
> See this thread on debian-devel:
>
> <http://lists.debian.org/debian-devel/2006/06/msg00877.html>
>
> I believe this is the same issue.
It seems so.
I went rapidly through the whole thread: IIUC, there's a bug in dinstall
that prevents updates like this to propagate from stable-security to
unstable and testing.
I hope it can be fixed soon.
Maybe, in the meantime, it would be a good idea to upload abc2ps
1.3.3-3sarge1 to unstable (and/or to testing-security) as version
1.3.3-4, anyway...
Or am I missing something (else)?
--
:-( This Universe is buggy! Where's the Creator's BTS? ;-)
......................................................................
Francesco Poli GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060702/cd2e314e/attachment.pgp
More information about the Secure-testing-team
mailing list