On Thu, Aug 12, 2004 at 10:21:28AM +0200, Christian Guggenberger wrote: > >On Wed, Aug 11, 2004 at 10:42:03PM -0300, Joey Hess wrote: > >> We have now finished checking all the DSAs since woody's release, except > >> for a few that we didn't reach any conclusions on. That the following > >> DSAs seem to still be unfixed in sarge: > >> php4 4:4.3.8-1 needed, have 4:4.3.4-4 for DSA-531 > >> netkit-telnet-ssl 0.17.24+0.1-2 needed, have 0.17.24+0.1-1 for DSA-529 > >> pavuk (unfixed; bug #264684) for DSA-527 > >> rlpr (unfixed; bug #255402) for DSA-524 > >> lha 1.14i-8 needed, have 1.14i-2 for DSA-515 > >> log2mail (unfixed; bug #264687) for DSA-513 > >> mysql-dfsg 4.0.18-6 needed, have 4.0.18-5 for DSA-483 > >> hsftp 1.15-1 needed, have 1.12-1 for DSA-447 > >> trr19 (unfixed; bug #264702) for DSA-430 > >> slocate (unfixed; bug #226103) for DSA-428 > >> tomcat4 4.1.24-2 needed, have 4.0.4-4 for DSA-395 > >> gtksee 0.5.6-1 needed, have 0.5.2-0.1 for DSA-337 > >> tomcat4 4.1.16-1 needed, have 4.0.4-4 for DSA-225 Of these, the following packages have now been updated in testing: php4 4:4.3.8-9 netkit-telnet-ssl 0.17.24+0.1-2 lha 1.14i-9 mysql-dfsg 4.0.20-11 hsftp 1.15-1 tomcat4 4.1.30-6 gtksee 0.5.6-1 trr19 1.0beta5-17.1 Of the remainder: pavuk 0.9pl28-3 includes the fix for DSA-527, but there is another security bug affecting this package (same bug #). Hinting this for removal from sarge. rlpr - hinting for removal. log2mail - fixed in 0.2.8-3, but this package was uploaded with urgency=low so is still 7 days out from testing. :P slocate - hinting for removal. > FYI, at least apache2 still has a pending security issue (#256963 should be reopened > and tagged sarge, [CAN-2004-0493] and [CAN-2004-0488]) > Fixed in 2.0.50-1, propagation to testing awaiting builds of 2.0.50-8 for s390 and m68k. > Maybe there are some other packages left - especially those not in woody. apache2 2.0.50-12 is also in testing now. Thanks, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature