Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch
- To: debian-release@lists.debian.org
- Subject: Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch
- From: Julien BLACHE <jblache@debian.org>
- Date: Thu, 01 Mar 2007 09:57:34 +0100
- Message-id: <[🔎] 87ps7txrwh.fsf@sonic.technologeek.org>
- In-reply-to: <45E5FA64.7050909@debian.org> (Luk Claes's message of "Wed, 28 Feb 2007 22:55:48 +0100")
- References: <20070228205408.4636.4259.reportbug@localhost.localdomain> <87mz2ynfxj.fsf@sonic.technologeek.org> <45E5FA64.7050909@debian.org>
Luk Claes <luk@debian.org> wrote:
Hi,
>>> While these two vulnerabilities have been fixed in sid in 1.1.1, they
>>> still affect Etch:
>>
>> OpenSER 1.1.1 is a bugfix-only release, so I am again requesting an
>> unblock for openser 1.1.1-1, in light of those two CVEs.
>
> We can continue this game, though it won't bring us anywhere...
>
> 116 files changed, 4498 insertions(+), 3113 deletions(-)
There are indeed a lot of bug fixes; there's a reason why I'm asking
for the unblock, you know.
> Any reason why you don't want to backport the security fixes?
They're fixed in a bugfix-only upstream release that is perfectly fit
for the next Debian stable.
JB.
--
Julien BLACHE <jblache@debian.org> | Debian, because code matters more
Debian & GNU/Linux Developer | <http://www.debian.org>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169
Reply to: