Re: Security in sarge

To: Debianos Releasis <debian-release@lists.debian.org>, security@debian.org
Subject: Re: Security in sarge
From: Martin Schulze <joey@infodrom.org>
Date: Tue, 28 Sep 2004 10:04:22 +0200
Message-id: <20040928080422.GN15510@finlandia.infodrom.north.de>
In-reply-to: <20040928004113.GD12464@kitenet.net>
References: <20040926120030.GA838@kyllikki.infodrom.north.de> <20040928004113.GD12464@kitenet.net>

Joey Hess wrote:
> Martin Schulze wrote:
> > ruby 1.8.1+1.8.2pre1-4 needed, have 1.8.1-8 for DSA-537
> 
> This is fixed in ruby1.8 in testing; ruby itself is a dependency package.
> I don't know if ruby1.7 was/is vulnetable, do you?

I don't know.

> > CAN-2004-0818: star: local root exploit
> 
> I can't track this one as the CAN is reserved and unreleased.

Jörg is said to have released a new upstream version.

> > CAN-2004-0749: svn, done in 1.0.8-1
> 
> This is an unreleased CAN, according to mitre. I'll pretend you have not
> mentioned it. ;-)

Hmm.  This was supposed to be disclosed on September 22nd and I
thought it was this year...

Regards,

	Joey

-- 
The only stupid question is the unasked one.

Reply to:

References:
- Re: Security in sarge
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Security in sarge
Next by Date: Re: Bug#273806: Please remove unrar from testing
Previous by thread: Re: Security in sarge
Next by thread: Re: Bug#273806: Please remove unrar from testing
Index(es):
- Date
- Thread