[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rssh_2.2.3-1.sarge.2 package with command line parsing fixed.

Russ Allbery wrote:
> > Debian 3.1r2 shipped with a broken rssh package due to a bug introduced
> > with a security fix.
> > I have prepared a new package () with the problem fixed. The patch is
> > attached.
> > The package can be found from
> > http://debian.pumuki.org/rssh/rssh_2.2.3-1.sarge.2_i386.changes
> This probably needs an update on security.debian.org as well, and maybe an
> advisory or advisory update (not sure).  I mailed team@security a while
> back about it with the same patch and got an acknowledgement, but I think
> they then ran out of time to deal with it.
> Cc'ing team@security as a status ping on that.

IIRC CVE-2005-3345 was fixed by an upload, which should have gone to the security
queue, but ended up in the proposed updates for stable. It was later acked by
stable release managers instead of sending out a DSA. Is this an rssh issue,
which was there all the time, or an issue, which was introduced by the sarge1


Reply to: