[Secure-testing-team] updated poppler package
Thijs Kinkhorst
thijs at debian.org
Mon Feb 21 14:23:08 UTC 2011

Hi Mike,

On Monday 21 February 2011 02:30:25 Michael Gilbert wrote:
> I fixed the current poppler security issue a while back before
> squeeze was released and sent a mail, but never heard anything. I've
> just rebuilt a squeeze update. See:
> http://mentors.debian.net/pool/main/p/poppler
>
> Should this get a DSA?

Thanks for your work. I do not believe this needs a DSA because according to
Dan, "the chance of being able to exploit this for anything other
than a crash is very remote". We can roll it up when another poppler issue
comes up in the future.

I see that for sid, 0.16.2 is already pending, so I've sent a followup mail to
the BTS to ask for the CVE IDs to be included in the changelog.

> I wonder if it would help to set up a security.debian.org bug tracker
> (similar to the release.debian.org [0]) so stuff like this doesn't get
> lost?

We already have a bug tracker, which is rt.debian.org. You may file issues
there at will. We're now just starting with the new 'front desk' rotating
schedule - one of the tasks of the front desk is to ensure issues like this
end up in RT.

Cheers,
Thijs