[Secure-testing-team] Updates for testing-security track page
Francesco Poli
frx at firenze.linux.it
Mon Jun 5 22:44:17 UTC 2006
On Tue, 6 Jun 2006 00:27:24 +0200 Francesco Poli wrote:
> On Mon, 5 Jun 2006 11:30:29 +0200 Djoume SALVETTI wrote:
>
> > Thanks for your report
>
> You're welcome.
>
> BTW, since you appreciated it, here's more of the same! ;-)
And even more:
* ruby1.6 1.6.8-13 needed, have 1.6.8-12 [m68k] for CVE-2005-2337
I cannot see any evidence that the m68k arch is still out of sync w.r.t.
to this package. If I read the package migration status[1] correctly,
this vulnerability seems to be fixed in unstable and testing for all
architectures.
Wait, no!, from the build log[2], it seems that the m68k build failed!
Why doesn't the package migration status[1] say anything about this?
What's wrong?
What did I fail to understand?
[1] http://bjorn.haxx.se/debian/testing.pl?package=ruby1.6
[2]
http://buildd.debian.org/fetch.php?&pkg=ruby1.6&ver=1.6.8-13&arch=m68k&stamp=1141764930&file=log&as=raw
* runit (unfixed; bug #356016) for CVE-2006-1319
The bug report[3] claims the issue is fixed in version 1.4.1-1, which is
already superseded by version 1.5.1-1 in testing[4]. Hence, I would say
this vulnerability is fixed in both unstable and testing.
[3] http://bugs.debian.org/356016
[4] http://bjorn.haxx.se/debian/testing.pl?package=runit
--
:-( This Universe is buggy! Where's the Creator's BTS? ;-)
......................................................................
Francesco Poli GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060606/48c3b08a/attachment.pgp
More information about the Secure-testing-team
mailing list