Re: Security in sarge
Joey Hess wrote:
> Martin Schulze wrote:
> > ruby 1.8.1+1.8.2pre1-4 needed, have 1.8.1-8 for DSA-537
>
> This is fixed in ruby1.8 in testing; ruby itself is a dependency package.
> I don't know if ruby1.7 was/is vulnetable, do you?
I don't know.
> > CAN-2004-0818: star: local root exploit
>
> I can't track this one as the CAN is reserved and unreleased.
Jörg is said to have released a new upstream version.
> > CAN-2004-0749: svn, done in 1.0.8-1
>
> This is an unreleased CAN, according to mitre. I'll pretend you have not
> mentioned it. ;-)
Hmm. This was supposed to be disclosed on September 22nd and I
thought it was this year...
Regards,
Joey
--
The only stupid question is the unasked one.
Reply to: