
Re: status of getting security fixes into sarge

On Mon, Dec 13, 2004 at 06:59:32PM +0100, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> >> prozilla (unfixed; bug #284117) for CAN-2004-1120
> >> 	Well it's not fixed, and no patch is known. Candidate for
> >> 	removal.
> >
> > Tagged for removal.

> But as the stable version is already vulnerable this will still leave
> people with an installed exploitable version when upgrading to Sarge?

Yes, this is one of the consequences of RC bugs in software we choose to no
longer support, or which has a security bug that no one is willing/able to
fix.  This is why such packages are marked as "obsolete" by the package
management tools when they're no longer available in the archive, and why
it's a good idea for users of stable to examine the list of obsolete
packages on their system following a major upgrade.

Steve Langasek
postmodern programmer
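
The check recommended in the reply above, as an added example that is not part of the original message: it lists installed packages that no longer appear in any archive index. The function names `obsolete_packages` and `demo_obsolete` are hypothetical, the sample data is constructed, and the inputs are assumed to be a dpkg status file and apt `Packages` indexes made of `Package:` stanzas.

```shell
#!/bin/sh
# Added example (not from the original message).
# Usage: obsolete_packages STATUS_FILE PACKAGES_INDEX...
# Prints installed packages that none of the given archive indexes carry.
obsolete_packages() {
    status_file=$1
    shift
    # awk reads the index files first, then the "mode=status" operand flips
    # the mode just before the dpkg status file is read.
    awk '
        $1 == "Package:" { pkg = $2 }
        # Index files: record every package name the archive still offers.
        mode != "status" && $1 == "Package:" { available[$2] = 1 }
        # Status file: only fully installed packages count; packages with
        # nothing but leftover config files ("config-files") are skipped.
        mode == "status" && $1 == "Status:" && $4 == "installed" {
            if (!(pkg in available)) print pkg
        }
    ' "$@" mode=status "$status_file" | sort
}

# Constructed sample data, not taken from a real system: prozilla is
# installed but absent from the new release index, oldlib is only a
# config-file remnant, bash is still in the archive.
demo_obsolete() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/status" <<'EOF'
Package: bash
Status: install ok installed

Package: prozilla
Status: install ok installed

Package: oldlib
Status: deinstall ok config-files
EOF
    cat > "$tmp/Packages" <<'EOF'
Package: bash
Version: 0-constructed

Package: coreutils
Version: 0-constructed
EOF
    obsolete_packages "$tmp/status" "$tmp/Packages"
    rm -rf "$tmp"
}

demo_obsolete
```

On a Debian system the inputs would be `/var/lib/dpkg/status` and the `/var/lib/apt/lists/*_Packages` files; locally built packages are listed too, since they are also absent from the archive.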
