Re: Bug#308787: CVE IDs (bugzilla)

To: Joey Hess <joeyh@debian.org>, 308787@bugs.debian.org
Cc: frankie@debian.org, debian-release@lists.debian.org
Subject: Re: Bug#308787: CVE IDs (bugzilla)
From: Alexis Sukrieh <sukria@sukria.net>
Date: Thu, 19 May 2005 17:26:50 +0200
Message-id: <[🔎] 20050519152646.GA24575@sukria.net>
In-reply-to: <20050516231644.GA28165@kitenet.net>
References: <20050516231644.GA28165@kitenet.net>

* Joey Hess (joeyh@debian.org) disait :
> Note this this hole has been assigned two CVE IDs:
> 
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different

Thanks to upstream collaboration, we have now a working patch for
closing this security issue in the 2.16 branch (the first patch was not
ok for 2.16[1]).

I backported the full patch from 2.16.10 to our sarge package (2.16.7).
It works pretty well on my sarge box.

The package source is available on my repository:

    deb-src http://www.sukria.net/debian ./

I don't know what is the best thing to do here, as this is an update of
the 2.16 package (which is in testing) and our sid package is 2.18...

Maybe a t-p-u?

Cheers.

1: https://bugzilla.mozilla.org/show_bug.cgi?id=294655

-- 
                                  Alexis Sukrieh <sukria@sukria.net>
                                               http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.

Reply to:

Follow-Ups:
- Re: Bug#308787: CVE IDs (bugzilla)
  - From: Francesco Paolo Lovergine <frankie@debian.org>
- Re: Bug#308787: CVE IDs (bugzilla)
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: please accept zope-testcase 0.9.6
Next by Date: Re: Please drop cairo libraries from sarge
Previous by thread: Re: zynaddsubfx 2.2.1-2
Next by thread: Re: Bug#308787: CVE IDs (bugzilla)
Index(es):
- Date
- Thread