status of getting security fixes into sarge

To: debian-release@lists.debian.org
Cc: secure-testing-team@lists.alioth.debian.org
Subject: status of getting security fixes into sarge
From: Joey Hess <joeyh@debian.org>
Date: Thu, 9 Dec 2004 16:20:12 -0500
Message-id: <[🔎] 20041209212012.GA3607@kitenet.net>
Mail-followup-to: debian-release@lists.debian.org, secure-testing-team@lists.alioth.debian.org

Some NMUing has been done lately on some of the older security holes in
sarge. Here are the ones the testing security team is currently tracking
that are fixed in unstable but don't yet have a fix in sarge, plus a few
others of interest:

opendchub 0.7.14-1.1 needed, have 0.7.14-1 for CAN-2004-1127
	Will go in in a few days.
prozilla (unfixed; bug #284117) for CAN-2004-1120
	Well it's not fixed, and no patch is known. Candidate for
	removal.
mtink 1.0.5 needed, have 1.0.1-2 for CAN-2004-1110
	Goes in today.
ppp 2.4.2+20040428-3 needed, have 2.4.2+20040428-2 for CAN-2004-1002
	Frozen, same as in last report, see maintainer's comments IIRC.
cscope 15.5-1.1 needed, have 15.5-1 for CAN-2004-0996
	Should go in RSN.
mailutils 1:0.5-4 needed, have 1:0.5-3 for CAN-2004-0984
	Blocked for over 1 month by missing s390 builds now.
perl 5.8.4-4 needed, have 5.8.4-3 for CAN-2004-0976
	Still missing mipsel build, should probably be re-queued or
	uploaded manually.
libc6 2.3.2.ds1-19 needed, have 2.3.2.ds1-18 for CAN-2004-0968
	Missing some builds and new RC bug, probably not yet ready for
	testing. Pity the security fix was bundled with other changes..
kernel-source-2.4.27 2.4.27-6 needed, have 2.4.27-5 for CAN-2004-0814
	Too young and buggy.
kernel-image-2.4.27-i386 2.4.27-6 needed, have 2.4.27-2 for CAN-2004-0814
	Too young and buggy.
cyrus21-imapd 2.1.17-1 needed, have 2.1.16-10 for DSA-597-1
	Still blocked by perl.
kaffeine 0.4.3.1-3 needed, have 0.4.3-1 for CAN-2004-1034
kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for CAN-2004-0746
konqueror 4:3.2.3-1.sarge.1 needed, have 4:3.2.2-1 for CAN-2004-0721
kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for CAN-2004-0721
kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for CAN-2004-0690
koffice 1:1.3.4-1 needed, have 1:1.3.2-1.sarge.1 for CAN-2004-0888
kpdf 4:3.3.1-1 needed, have 4:3.2.3-1.1 for DSA-573-1
kfax 4:3.3.1-1 needed, have 4:3.2.3-1.1 for DSA-573-1
kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for DSA-539
	All of these are the same old same old KDE issue I'm afraid.
	So half of sarge's unfixed security holes are now in kde. :-(

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: status of getting security fixes into sarge
  - From: Martin Schulze <joey@infodrom.org>
- Re: status of getting security fixes into sarge
  - From: Steve Langasek <vorlon@debian.org>
- Re: status of getting security fixes into sarge
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Bug#279472: full transition to libcurl3
Next by Date: Re: full transition to libcurl3
Previous by thread: gentoo-user-de@lists.gentoo.org is a subscribers only list
Next by thread: Re: status of getting security fixes into sarge
Index(es):
- Date
- Thread