
Re: Security in sarge

Joey Hess wrote:
> Martin Schulze wrote:
> > ruby 1.8.1+1.8.2pre1-4 needed, have 1.8.1-8 for DSA-537
> This is fixed in ruby1.8 in testing; ruby itself is a dependency package.
> I don't know if ruby1.7 was/is vulnerable, do you?

I don't know.

> > CAN-2004-0818: star: local root exploit
> I can't track this one as the CAN is reserved and unreleased.

Jörg is said to have released a new upstream version.

> > CAN-2004-0749: svn, done in 1.0.8-1
> This is an unreleased CAN, according to mitre. I'll pretend you have not
> mentioned it. ;-)

Hmm.  This was supposed to be disclosed on September 22nd and I
thought it was this year...



The only stupid question is the unasked one.
