Re: phpMyAdmin : security-related version not yet packaged?

On Mon, Nov 22, 2004 at 01:10:48PM +0100, Christophe Chisogne wrote:
> There's a new version of phpMyAdmin [1] which is security related [2].
> It seems not yet packaged [3], and I see nothing in Changelog [4]
> or in the bts [5]. But it's very new (2004-11-18).
> What should I do as a Debian user in that case?
> - mail maintainer?
> - file a bug report? (tags wishlist? grave because security related?)

Severity grave, it's a security hole, and add the tag 'security'. This
will ensure attention of the maintainer (who gets all bugs), the
security team (who monitors all bugs tagged security), and a whole bunch
of Debian Developers watching all release-critical bugs.

Filing a bug is the best way to ensure the quickest response. Note that
bugs are public, so this is only applicable in the event of disclosed
security issues.

If you provide information like whether woody is affected or not, that's
of course always appreciated.

> - wait a week or two?

This would very likely also work, but it's IMHO better to play it safe,
just in case this issue has slipped the attention of the maintainer
(unlikely in this case).

> - find other way to know if someone's working on it?

If there is a bug, one can look at the buglog to see the status.

> Christophe


Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
