[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: final report on all woody DSAs and sarge

Hi Joey,

Many thanks for tackling this.

On Wed, Aug 11, 2004 at 10:42:03PM -0300, Joey Hess wrote:
> We have now finished checking all the DSAs since woody's release, except
> for a few that we didn't reach any conclusions on. That the following
> DSAs seem to still be unfixed in sarge:

> php4 4:4.3.8-1 needed, have 4:4.3.4-4 for DSA-531
> netkit-telnet-ssl 0.17.24+0.1-2 needed, have 0.17.24+0.1-1 for DSA-529
> pavuk (unfixed; bug #264684) for DSA-527
> rlpr (unfixed; bug #255402) for DSA-524
> lha 1.14i-8 needed, have 1.14i-2 for DSA-515
> log2mail (unfixed; bug #264687) for DSA-513
> mysql-dfsg 4.0.18-6 needed, have 4.0.18-5 for DSA-483
> hsftp 1.15-1 needed, have 1.12-1 for DSA-447
> trr19 (unfixed; bug #264702) for DSA-430
> slocate (unfixed; bug #226103) for DSA-428
> tomcat4 4.1.24-2 needed, have 4.0.4-4 for DSA-395
> gtksee 0.5.6-1 needed, have 0.5.2-0.1 for DSA-337
> tomcat4 4.1.16-1 needed, have 4.0.4-4 for DSA-225

Hmm, do I understand right that the above is really the complete list of
security fixes pending for sarge?

FWIW, the netkit-telnet-ssl fix should go in tomorrow.  None of the rest
of the pending ones seem to be held up by any external factors, except
for tomcat4 which has the contrib issue to contend with, and gtksee
which is tied up with libtiff (and therefore the bug will be resolved
with that transition one way or another).

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: