
Re: Freeze Please?

On Thu, Feb 06, 2003 at 10:30:39PM -0600, Graham Wilson wrote:

 > is there an easy way (or any way, for that matter) to find out which
 > security bugs affect testing?

 Not that I know of.  Take for example wget.  There was a security
 update with release 1.8.2-8; testing has 1.8.2-5.  DSA-209-1.  AFAICS
 the version in testing is still vulnerable.

 I think the first step is documenting the vulnerabilities.

 The easiest way for achieving this is going through all the DSAs,
 checking the version they affect and checking the version in testing,
 then checking the reported bugs and filing bugs tagged "security,
 sarge" (or tagging existing ones) and setting the severity to critical.

 Who wants to help?

