[Secure-testing-team] Re: <package> Buffer Overflow

Neil McGovern neilm at debian.org
Mon Mar 13 12:10:24 UTC 2006


> > This is just a heads up and of course not publicly disclosed yet. I intend 
> > to make a X.XX.X release really soon and publish that for when this flaw 
> > gets announced. 
[snip]
> 
> thank you. i will wait for you to publish X.XX.X.
> 
> currently, the affected versions in debian are only in unstable and
> testing. the unstable version will be upgraded as soon as you publish
> X.XX.X, the testing version is not subject to strict security support.
> 
> i CCed the debian testing security group to let them correct me if
> i'm wrong.
> 

Well, the testing version *is* subject to security support, as we do it
:)

However, we only deal with publicly announced security issues. An
upload to unstable with a high urgency will ensure it gets pushed into
testing asap, and if it's stalled by anything, we'll release a DTSA.

As an aside, I've censored this mail, and asked for the original to be
removed from the archives. This email address is a public list, so isn't
suitable for undisclosed problems. The correct address for that is
team at security.debian.org

Regards,
Neil McGovern
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3