Some NMUing has been done lately on some of the older security holes in sarge. Here are the ones the testing security team is currently tracking that are fixed in unstable but don't yet have a fix in sarge, plus a few others of interest: opendchub 0.7.14-1.1 needed, have 0.7.14-1 for CAN-2004-1127 Will go in in a few days. prozilla (unfixed; bug #284117) for CAN-2004-1120 Well it's not fixed, and no patch is known. Candidate for removal. mtink 1.0.5 needed, have 1.0.1-2 for CAN-2004-1110 Goes in today. ppp 2.4.2+20040428-3 needed, have 2.4.2+20040428-2 for CAN-2004-1002 Frozen, same as in last report, see maintainer's comments IIRC. cscope 15.5-1.1 needed, have 15.5-1 for CAN-2004-0996 Should go in RSN. mailutils 1:0.5-4 needed, have 1:0.5-3 for CAN-2004-0984 Blocked for over 1 month by missing s390 builds now. perl 5.8.4-4 needed, have 5.8.4-3 for CAN-2004-0976 Still missing mipsel build, should probably be re-queued or uploaded manually. libc6 2.3.2.ds1-19 needed, have 2.3.2.ds1-18 for CAN-2004-0968 Missing some builds and new RC bug, probably not yet ready for testing. Pity the security fix was bundled with other changes.. kernel-source-2.4.27 2.4.27-6 needed, have 2.4.27-5 for CAN-2004-0814 Too young and buggy. kernel-image-2.4.27-i386 2.4.27-6 needed, have 2.4.27-2 for CAN-2004-0814 Too young and buggy. cyrus21-imapd 2.1.17-1 needed, have 2.1.16-10 for DSA-597-1 Still blocked by perl. kaffeine 0.4.3.1-3 needed, have 0.4.3-1 for CAN-2004-1034 kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for CAN-2004-0746 konqueror 4:3.2.3-1.sarge.1 needed, have 4:3.2.2-1 for CAN-2004-0721 kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for CAN-2004-0721 kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for CAN-2004-0690 koffice 1:1.3.4-1 needed, have 1:1.3.2-1.sarge.1 for CAN-2004-0888 kpdf 4:3.3.1-1 needed, have 4:3.2.3-1.1 for DSA-573-1 kfax 4:3.3.1-1 needed, have 4:3.2.3-1.1 for DSA-573-1 kdelibs 4:3.2.3-3.sarge.1 needed, have 4:3.2.3-2 for DSA-539 All of these are the same old same old KDE issue I'm afraid. So half of sarge's unfixed security holes are now in kde. :-( -- see shy jo
Attachment:
signature.asc
Description: Digital signature