Re: final report on all woody DSAs and sarge
>On Wed, Aug 11, 2004 at 10:42:03PM -0300, Joey Hess wrote:
>> We have now finished checking all the DSAs since woody's release, except
>> for a few that we didn't reach any conclusions on. That the following
>> DSAs seem to still be unfixed in sarge:
>> php4 4:4.3.8-1 needed, have 4:4.3.4-4 for DSA-531
>> netkit-telnet-ssl 0.17.24+0.1-2 needed, have 0.17.24+0.1-1 for DSA-529
>> pavuk (unfixed; bug #264684) for DSA-527
>> rlpr (unfixed; bug #255402) for DSA-524
>> lha 1.14i-8 needed, have 1.14i-2 for DSA-515
>> log2mail (unfixed; bug #264687) for DSA-513
>> mysql-dfsg 4.0.18-6 needed, have 4.0.18-5 for DSA-483
>> hsftp 1.15-1 needed, have 1.12-1 for DSA-447
>> trr19 (unfixed; bug #264702) for DSA-430
>> slocate (unfixed; bug #226103) for DSA-428
>> tomcat4 4.1.24-2 needed, have 4.0.4-4 for DSA-395
>> gtksee 0.5.6-1 needed, have 0.5.2-0.1 for DSA-337
>> tomcat4 4.1.16-1 needed, have 4.0.4-4 for DSA-225
>Hmm, do I understand right that the above is really the complete list of
>security fixes pending for sarge?
FYI, at least apache2 still has a pending security issue (#256963 should be reopened
and tagged sarge, [CAN-2004-0493] and [CAN-2004-0488])
Fixed in 2.0.50-1, propagation to testing awaiting builds of 2.0.50-8 for s390 and m68k.
Maybe there are some other packages left - especially those not in woody.