Re: report on current state of sarge security

To: debian-release@lists.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: report on current state of sarge security
From: Frank Lichtenheld <djpig@debian.org>
Date: Wed, 24 Nov 2004 17:55:50 +0100
Message-id: <[🔎] 20041124165550.GM26386@djpig.de>
Mail-followup-to: debian-release@lists.debian.org, secure-testing-team@lists.alioth.debian.org
In-reply-to: <[🔎] 20041123201517.GA21860@kitenet.net>
References: <[🔎] 20041123201517.GA21860@kitenet.net>

On Tue, Nov 23, 2004 at 03:15:17PM -0500, Joey Hess wrote:
> Over the past couple of weeks the testing security team has reviewed all
> CAN and CVE entries announced since the release of woody, to check which
> of these security holes are still present in sarge. Adding this to the
> earlier work to review DSAs, we now have a pretty good picture of
> unfixed security holes in sarge, and can be reasonably sure that there
> are no old forgotten security holes that never got a fix into sarge. Although
> it's always possible we missed some or made mistakes, and we still have 50
> or so items marked TODO or HELP.
> 
> We checked about 2700 items, of these about 600 had affected Debian at
> some point, and 26 remain unfixed in sarge:

I will take care of the NMU candidates at the BSP weekend if not fixed
until then.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to:

References:
- report on current state of sarge security
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: report on current state of sarge security
Next by Date: libpqxx testing migration
Previous by thread: Re: report on current state of sarge security
Next by thread: Re: report on current state of sarge security
Index(es):
- Date
- Thread