Re: testing security status (post kde)

On Thu, Nov 03, 2005 at 04:58:17PM -0500, Joey Hess wrote:

> enigmail
> 	17 days old
> 	blocked by mozilla and mozilla-thunderbird
> mozilla
> 	23 days old
> 	vorlon is forcing it, hope that works
> mozilla-thunderbird
> 	23 days old
> 	vorlon is forcing it, hope that works

All in today.

> mozilla-firefox
> 	40 days old
> 	2 RC code bugs
> 	1 RC copyright bug
> 	At least 7 fixed security bugs, with at least 3 involving remote
> 	code execution.

Overriding the RC bugs, as none of them appear to be regressions.  May
require some more locale removals, just like the mozilla hint did...

> uim
> 	scheduled for removal

Has reverse deps, though, so it's not going anywhere at the moment.  Frank,
thoughts on this?

> uw-imap
> 	21 days old
> 	RC bug #334512 is avoided by upgrading to libssl 0.9.8a-3.
> 	Package needs an upload with a dependency on that version to
> 	close the bug.
> 	BTW, the security hole is remote code execution.

No reupload is needed, really, since this was a transient bug in a
dependency.  The bug has been closed now, so uw-imap should get in with the
next run.

> PS: The current number of untransitioned security fixes is lower than it
>     has been at any point in the past year.
> PPS: But testing/unstable also have well over 100 unfixed security bugs..

Heh.  Would it be worth posting summaries of the unfixed RC security bugs
somewhere from time to time, to try to get more people involved with NMUing
them?  Or are most of these not RC security bugs at this point?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

