Re: Security in sarge

To: debian-release@lists.debian.org, mdz@debian.org, security@debian.org
Subject: Re: Security in sarge
From: tsr@achos.com (Tobias Stefan Richter)
Date: Tue, 28 Sep 2004 17:12:15 +0200
Message-id: <20040928151215.A2E0E6B063@cave.achos.com>
In-reply-to: <20040928011037.GI28117@mauritius.dodds.net>
References: <20040926120030.GA838@kyllikki.infodrom.north.de>

>> > pavuk (unfixed; bug #264684) for DSA-527
>
>> pavuk 0.9pl28-3 fixed that. #264684 is left open only for the other
>> security hole mentioned there. We might need a DSA for that hole..
>> I'm not explicitly tracking it since it already has an RC bug.
>
> Package is in a weird state in the archive (binaries but no sources);
> requires an ftpmaster to look at it, preferably for removal from sarge.
>
[...]
>> rlpr (unfixed; bug #255402) for DSA-524
>
> rlpr is in the same state as pavuk above.

I didn't look into pavuk, but rlpr has as far as I see no weird state.
The latest Debian version is from the above DSA (2.02-7woody1), which 
could savely be included in sarge. Upstream has 2.05, though.
I would not like to see it removed.

Thanks,
Tobias

Reply to:

Follow-Ups:
- Re: Security in sarge
  - From: Steve Langasek <vorlon@debian.org>

References:
- Re: Security in sarge
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Bug#273806: Please remove unrar from testing
Next by Date: status of non-US
Previous by thread: Re: Security in sarge
Next by thread: Re: Security in sarge
Index(es):
- Date
- Thread