[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch



Luk Claes <luk@debian.org> wrote:

Hi,

>>> While these two vulnerabilities have been fixed in sid in 1.1.1, they
>>> still affect Etch:
>> 
>> OpenSER 1.1.1 is a bugfix-only release, so I am again requesting an
>> unblock for openser 1.1.1-1, in light of those two CVEs.
>
> We can continue this game, though it won't bring us anywhere...
>
> 116 files changed, 4498 insertions(+), 3113 deletions(-)

There are indeed a lot of bug fixes; there's a reason why I'm asking
for the unblock, you know.

> Any reason why you don't want to backport the security fixes?

They're fixed in a bugfix-only upstream release that is perfectly fit
for the next Debian stable.

JB.

-- 
 Julien BLACHE <jblache@debian.org>  |  Debian, because code matters more 
 Debian & GNU/Linux Developer        |       <http://www.debian.org>
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 



Reply to: