
Re: smokeping DLA test



[cc'ing you just in case you aren't subscribed]

On Wed, Nov 25, 2015 at 12:29:40PM -0500, Antoine Beaupré wrote:
 
> this is my first DLA, so i want to make sure i am doing this
> right... Already i am worried i have skipped a step because i have
> already reserved DLA-348-1 in the security tracker for this... But i
> feel this is not so much of a problem as I haven't sent the advisory
> just yet.
> 
> The DLA covers an old security issue that was never fixed in squeeze,
> but also a new security issue that was just pushed to security-master
> for wheezy and jessie today.

Hi, the new security issue is clearly CVE-2015-0859, but the squeeze
version of smokeping isn't vulnerable AFAICS?

It doesn't have the 'shift @ARGV' thing in the CGI script, that was
introduced in 2.6.5-1 (so between squeeze and wheezy) and I can't see
it using command line arguments for anything else either...
-- 
Niko Tyni   ntyni@debian.org

