On Mon, Dec 13, 2004 at 06:59:32PM +0100, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> >> prozilla (unfixed; bug #284117) for CAN-2004-1120
> >> Well it's not fixed, and no patch is known. Candidate for
> >> removal.
> >
> > Tagged for removal.

> But as the stable version is already vulnerable this will still leave
> people with an installed exploitable version when upgrading to Sarge?

Yes, this is one of the consequences of RC bugs in software we choose to no
longer support, or which has a security bug that no one is willing/able to
fix. This is why such packages are marked as "obsolete" by the package
management tools when they're no longer available in the archive, and why
it's a good idea for users of stable to examine the list of obsolete
packages on their system following a major upgrade.

--
Steve Langasek
postmodern programmer
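The post-upgrade check recommended in the message above, as an added example that is not part of the original mail: it reports packages that are still installed but no longer listed in any archive index, which is what "obsolete" means here. The function names, file layout and sample stanzas (including the version strings) are constructed for illustration; on a real system the inputs would be /var/lib/dpkg/status and the Packages indices under /var/lib/apt/lists.

```shell
#!/bin/sh
# list_obsolete STATUS_FILE PACKAGES_INDEX...
# Prints installed packages that appear in none of the given archive indices.
list_obsolete() {
    status=$1; shift
    awk '
        FNR == 1 { file++ }                      # count input files as we go
        # First file: dpkg status database. Package: precedes Status: in a stanza.
        file == 1 && /^Package: / { pkg = $2 }
        file == 1 && $0 == "Status: install ok installed" { installed[pkg] = 1 }
        # Remaining files: archive Packages indices.
        file > 1 && /^Package: / { available[$2] = 1 }
        END { for (p in installed) if (!(p in available)) print p }
    ' "$status" "$@" | sort
}

# write_sample DIR: constructed sample data, not taken from a real system.
write_sample() {
    cat > "$1/status" <<'EOF'
Package: bash
Status: install ok installed
Version: 0.0-constructed

Package: prozilla
Status: install ok installed
Version: 0.0-constructed

Package: oldlib
Status: deinstall ok config-files
Version: 0.0-constructed
EOF
    cat > "$1/Packages" <<'EOF'
Package: bash
Version: 0.0-constructed

Package: newtool
Version: 0.0-constructed
EOF
}

# Demo: prozilla was removed from the archive but is still installed.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
list_obsolete "$demo_dir/status" "$demo_dir/Packages"
rm -rf "$demo_dir"
```

Packages left in the config-files state (oldlib in the sample) are not reported, since no vulnerable binaries remain installed. On a live system, `aptitude search '~o'` lists the packages aptitude considers obsolete.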