Re: security issues in kfreebsd

To: Petr Salinger <Petr.Salinger@seznam.cz>
Cc: debian-bsd@lists.debian.org
Subject: Re: security issues in kfreebsd
From: Nico Golde <nico@ngolde.de>
Date: Mon, 3 Dec 2007 00:18:11 +0100
Message-id: <[🔎] 20071202231811.GA26057@ngolde.de>
In-reply-to: <Pine.LNX.4.62.0711261437110.32704@sci.felk.cvut.cz>
References: <20071126111535.GA21796@ngolde.de> <Pine.LNX.4.62.0711261437110.32704@sci.felk.cvut.cz>

Hi Petr,
sorry for the delay, I was just too busy :(

* Petr Salinger <Petr.Salinger@seznam.cz> [2007-11-26 14:44]:
> >There are a bunch of open security issues in the tracker[0]
> >which no one takes care about at the moment because there is
> >enough other stuff to do right now.
> >
> >It would be nice if someone from the debian-bsd team could
> >check them and report back. Fixes are also welcome ;-P
> 
> >[0] http://security-tracker.debian.net/tracker/source-package/kfreebsd-5
> 
> The kfreebsd-5 package is considered obsolete, in official debian
> archive it will be replaced by kfreebsd-7 after release of FreeBSD 7.0, current 
> snapshot is uploaded into experimental.
> For expected schedule see http://www.freebsd.org/releases/7.0R/schedule.html

Ok, looks good reffering to this the release will be "soon" 
:)

[...] 
> Also users of kfreebsd-5 have been warned by
> 
> ********************************************************************************
> README.Debian for kfreebsd-5
> ----------------------------
> 
> Please note that the security support may not be assured for kfreebsd-5
> until Debian GNU/kFreeBSD is an official port.
> 
> -- GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
> 
> ********************************************************************************
> 
> Would you prefer to upload kfreebsd-6 into official debian archive asap
> and after passing NEW on ftp-master drop kfreebsd-5 from official archive ?

It's good to see a warning there, this is really the minimum 
in such a case. It would be good to see kfreebsd-6 in the 
archive if it addresses those security issues so please go 
ahead and upload it. It would be also possible to fix all 
the remaining bugs but that looks like a fair amount of work 
compared to the -6 upload. Please mention the CVE ids which 
are fixed in your changelog to let us track them easier and 
add this version in the security tracker.
Kind regards
NIco
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpjEpF65wa4B.pgp
Description: PGP signature

Reply to:

Prev by Date: Bug#453944: FreeBSD: CVE-2007-6150 programming error in random number generator
Next by Date: type-handling 0.2.22 MIGRATED to testing
Previous by thread: Bug#453944: FreeBSD: CVE-2007-6150 programming error in random number generator
Next by thread: type-handling 0.2.22 MIGRATED to testing
Index(es):
- Date
- Thread