[Secure-testing-team] Lenny security bug sprint
Raphael Geissert
atomo64+debian at gmail.com
Fri Nov 28 23:30:31 UTC 2008
Moritz Muehlenhoff wrote:
>
> Updated status below:
>
> cups / CVE-2008-5183
> Status needs checking
>
Will prod the maintainer
>
> flamethrower / CVE-2008-5141
> Dann has already prepared an update, but it's not been uploaded yet.
>
Already Ok'ed by RT
>
> mailscanner / CVE-2008-5140 and more mentioned in the Debian bug
> No fix yet.
>
Just requested a new CVE id, or the update of the current one with the extra
issues.
>
> msp-webserver / CVE-2008-5160
> Appears to have many quality issues, pushed for removal
>
dato wants to wait a bit before removing
>
> nagios3 / CVE-2008-5028
> Maintainer wanted to have had it ready by last friday, needs prodding.
>
Maintainer sent mail to -release asking for approval of new upstream version
properly fixing the bug.
>
> smarty CVE-2008-4810 / CVE-2008-4811
> -4810 is about the original bug, -4811 is about the incomplete fix for all
> the attack vectors. Raphael will ask on oss list.
>
am I?
will see who needs to be prodded, but I don't think it will be on oss list.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
More information about the Secure-testing-team
mailing list