On Mon, Jun 06, 2005 at 09:31:05PM -0400, George Georgalis wrote: > >This was the changelog.Debian.gz entry for the last bzip2 update: > >bzip2 (1.0.2-1.woody2) stable-security; urgency=high > > * Non-maintainer upload by the Security Team > * No changes rebuild because maintainer prevented distribution of > security fix, thanks a lot! > >The only useful information I see threre is "urgency=high" -- but no >clear explinaton. Was this just an incomplete log? The maintainer did >not respond to my inquiry. Is there a CAN? Is there a better file to >extract specific info from? > >I can read; but the second point is ambigous, the first point doesn't >help, nor does the urgency level. So what exactly happened? I uploaded bzip2 1.0.2-1.1 to stable which clashed with Martin Schulze's plan. 1.0.2-1.woody2 is the same as 1.0.2-1.1. bzip2 (1.0.2-1.1) stable; urgency=medium . * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes: #303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>. Original patch available at http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2 I submitted 1.0.2-1.woody3 and Martin included in the last release of woody. bzip2 (1.0.2-1.woody3) stable-security; urgency=high . * Fixed "CAN-2005-1260 decompression bomb vulnerability", closes: #310803. Patch by Martin Pitt <martin.pitt@ubuntu.com>. Regards, Anibal Monsalve Salazar -- .''`. Debian GNU/Linux : :' : Free Operating System `. `' http://debian.org/ `- http://v7w.com/anibal
Attachment:
signature.asc
Description: Digital signature