Hi Joey, Many thanks for tackling this. On Wed, Aug 11, 2004 at 10:42:03PM -0300, Joey Hess wrote: > We have now finished checking all the DSAs since woody's release, except > for a few that we didn't reach any conclusions on. That the following > DSAs seem to still be unfixed in sarge: > php4 4:4.3.8-1 needed, have 4:4.3.4-4 for DSA-531 > netkit-telnet-ssl 0.17.24+0.1-2 needed, have 0.17.24+0.1-1 for DSA-529 > pavuk (unfixed; bug #264684) for DSA-527 > rlpr (unfixed; bug #255402) for DSA-524 > lha 1.14i-8 needed, have 1.14i-2 for DSA-515 > log2mail (unfixed; bug #264687) for DSA-513 > mysql-dfsg 4.0.18-6 needed, have 4.0.18-5 for DSA-483 > hsftp 1.15-1 needed, have 1.12-1 for DSA-447 > trr19 (unfixed; bug #264702) for DSA-430 > slocate (unfixed; bug #226103) for DSA-428 > tomcat4 4.1.24-2 needed, have 4.0.4-4 for DSA-395 > gtksee 0.5.6-1 needed, have 0.5.2-0.1 for DSA-337 > tomcat4 4.1.16-1 needed, have 4.0.4-4 for DSA-225 Hmm, do I understand right that the above is really the complete list of security fixes pending for sarge? FWIW, the netkit-telnet-ssl fix should go in tomorrow. None of the rest of the pending ones seem to be held up by any external factors, except for tomcat4 which has the contrib issue to contend with, and gtksee which is tied up with libtiff (and therefore the bug will be resolved with that transition one way or another). -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature