[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Security issue with 'elog' package



[CCing to debian-release since I request an update.] 

Hi,

I uploaded the new upstream of Elog a few days ago (this is a sponsored
package).  I've just noticed a possible security flaw which affects both
versions in testing (2.5.7+r1558) and unstable (2.5.8+r1637), as can be
seen in the following CVS log of r1.638:

    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

Since the fix[1] is so trivial to backport, I can easily prepare a new
package for just the version in testing.  But while I'm on it, I think
packaging the new upstream would be more appropriate as the new upstream
has major enhancements over the one in testing.  Could you make a
suggestion?  Should I follow the usual procedure, i.e. first submitting
a new bug in 'critical' severity, and then close it by a 'high' urgency
upload?

Regards,

[1] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.645;r2=1.646;f=h

-- 
roktas

Attachment: signature.asc
Description: Digital signature


Reply to: