Re: final report on all woody DSAs and sarge

To: vorlon@debian.org
Cc: security@debian.org, debian-release@lists.debian.org
Subject: Re: final report on all woody DSAs and sarge
From: Christian Guggenberger <christian.guggenberger@physik.uni-regensburg.de>
Date: Thu, 12 Aug 2004 10:21:28 +0200
Message-id: <[🔎] 1092298888.1767.10.camel@localhost>
Reply-to: christian.guggenberger@physik.uni-regensburg.de

>On Wed, Aug 11, 2004 at 10:42:03PM -0300, Joey Hess wrote:
>> We have now finished checking all the DSAs since woody's release, except
>> for a few that we didn't reach any conclusions on. That the following
>> DSAs seem to still be unfixed in sarge:
>
>> php4 4:4.3.8-1 needed, have 4:4.3.4-4 for DSA-531
>> netkit-telnet-ssl 0.17.24+0.1-2 needed, have 0.17.24+0.1-1 for DSA-529
>> pavuk (unfixed; bug #264684) for DSA-527
>> rlpr (unfixed; bug #255402) for DSA-524
>> lha 1.14i-8 needed, have 1.14i-2 for DSA-515
>> log2mail (unfixed; bug #264687) for DSA-513
>> mysql-dfsg 4.0.18-6 needed, have 4.0.18-5 for DSA-483
>> hsftp 1.15-1 needed, have 1.12-1 for DSA-447
>> trr19 (unfixed; bug #264702) for DSA-430
>> slocate (unfixed; bug #226103) for DSA-428
>> tomcat4 4.1.24-2 needed, have 4.0.4-4 for DSA-395
>> gtksee 0.5.6-1 needed, have 0.5.2-0.1 for DSA-337
>> tomcat4 4.1.16-1 needed, have 4.0.4-4 for DSA-225
>
>Hmm, do I understand right that the above is really the complete list of
>security fixes pending for sarge?

FYI, at least apache2 still has a pending security issue (#256963 should be reopened 
and tagged sarge, [CAN-2004-0493] and [CAN-2004-0488])
Fixed in 2.0.50-1, propagation to testing awaiting builds of 2.0.50-8 for s390 and m68k.
Maybe there are some other packages left - especially those not in woody.

 - Christian

Reply to:

Prev by Date: Re: final report on all woody DSAs and sarge
Next by Date: Re: final report on all woody DSAs and sarge
Previous by thread: Re: final report on all woody DSAs and sarge
Next by thread: Hinting pcsc*
Index(es):
- Date
- Thread