Re: Bug#308787: CVE IDs (bugzilla)

* Joey Hess (joeyh@debian.org) said:
> Note that this hole has been assigned two CVE IDs:
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different

Thanks to upstream collaboration, we now have a working patch for
closing this security issue in the 2.16 branch (the first patch was not
ok for 2.16[1]).

I backported the full patch from 2.16.10 to our sarge package (2.16.7).
It works pretty well on my sarge box.

The package source is available on my repository:

    deb-src http://www.sukria.net/debian ./

I don't know what the best thing to do here is, as this is an update of
the 2.16 package (which is in testing) and our sid package is 2.18...

Maybe a t-p-u?


1: https://bugzilla.mozilla.org/show_bug.cgi?id=294655

