[Secure-testing-team] Security update for Debian Testing

Steffen Joeris steffen.joeris at skolelinux.de
Tue Sep 11 02:24:05 UTC 2007


Hi

Sorry for the late response.

On Sun, 9 Sep 2007 10:03:58 am sf at sfritsch.de wrote:
> This automatic mail gives an overview over security issues that were
> recently fixed in Debian Testing. The majority of fixed packages migrates
> to testing from unstable. If this would take too long, fixed packages are
> uploaded to the testing-security repository instead. It can also happen
> that vulnerable packages are removed from Debian testing.
I would just add a short comment here:

In case the package got removed, we encourage the admin to remove the package 
as well or take other measures.


> Migrated from unstable:
> =======================
> konversation 1.0.1-4:
> CVE-2007-4400: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4400
>                http://bugs.debian.org/439837
>
> tar 1.18-2:
> CVE-2007-4131: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
>                http://bugs.debian.org/439335
>
> zoph 0.7.0.2-2:
> CVE-2007-3905: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3905
>                http://bugs.debian.org/435711
>
>
>
> How to update:
> --------------
> Make sure the line
>
> 	deb http://security.debian.org lenny/updates main contrib non-free

I would also add the normal line for ftp.debian.org here (maybe without 
contrib and non-free). This again makes sure that people have both in and 
get the package fixes from migration.

I was talking to nion last night and we were unsure about the following. The 
DTSA announcements always included some nice additional information and I 
would guess that sysadmins appreciate this information in the announcement. 
Therefore, we were wondering if we should continue sending out DTSA 
announcements for uploads to testing-security, in addition to this mail. Of 
course, if there are strong objections, we will leave it out.

Cheers
Steffen