[Secure-testing-team] Lenny security bug sprint

Raphael Geissert atomo64+debian at gmail.com
Fri Nov 28 23:30:31 UTC 2008


Moritz Muehlenhoff wrote:
>  
> Updated status below:
> 
> cups / CVE-2008-5183
>   Status needs checking
> 

Will prod the maintainer

> 
> flamethrower / CVE-2008-5141
>   Dann has already prepared an update, but it's not been uploaded yet.
> 

Already Ok'ed by RT

> 
> mailscanner / CVE-2008-5140 and more mentioned in the Debian bug
>   No fix yet.
> 

Just requested a new CVE id, or the update of the current one with the extra
issues.

> 
> msp-webserver / CVE-2008-5160
>   Appears to have many quality issues, pushed for removal
> 

dato wants to wait a bit before removing

> 
> nagios3 / CVE-2008-5028
>   Maintainer wanted to have had it ready by last friday, needs prodding.
> 

Maintainer sent mail to -release asking for approval of new upstream version
properly fixing the bug.

> 
> smarty CVE-2008-4810 / CVE-2008-4811
>   -4810 is about the original bug, -4811 is about the incomplete fix for all
>   the attack vectors. Raphael will ask on oss list.
> 

am I?
will see who needs to be prodded, but I don't think it will be on oss list.

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net





More information about the Secure-testing-team mailing list