[Secure-testing-team] r-base upload
Thijs Kinkhorst
thijs at debian.org
Tue Nov 4 08:57:06 UTC 2008
Hi Stefan,
On Tue, November 4, 2008 09:14, Stefan Fritsch wrote:
> Hi Thijs,
>
>
> from the announcement mail:
>
>> Migrated from unstable:
>> =======================
>>
>
>> r-base 2.7.1-1+lenny1: DTSA-162-1 : r-base - symlink attack
>> CVE-2008-3931:
>>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931
>
>> http://bugs.debian.org/496418
>>
>
> Something is strange here (and I want to improve the announcement
> script). AFAICS you did a t-p-u upload for r-base. Was this the same
> package as the one from the DTSA?
>
> Strangely, there is no r-base package for lenny on klecker anymore.
> Was it removed manually? Or do the packages get removed from klecker
> automatically when they are accepted in t-p-u?
I upload my own build of the package to t-p-u. I did this because the bug
was fixed in sid but could not migrate. I looked for a DTSA but couldn't
find any (didn't look in the ML, but in the archives). I'm not sure when
and why it disappeared.
cheers,
Thijs
More information about the Secure-testing-team
mailing list