Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch

To: debian-release@lists.debian.org
Subject: Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch
From: Julien BLACHE <jblache@debian.org>
Date: Thu, 01 Mar 2007 09:57:34 +0100
Message-id: <[🔎] 87ps7txrwh.fsf@sonic.technologeek.org>
In-reply-to: <45E5FA64.7050909@debian.org> (Luk Claes's message of "Wed, 28 Feb 2007 22:55:48 +0100")
References: <20070228205408.4636.4259.reportbug@localhost.localdomain> <87mz2ynfxj.fsf@sonic.technologeek.org> <45E5FA64.7050909@debian.org>

Luk Claes <luk@debian.org> wrote:

Hi,

>>> While these two vulnerabilities have been fixed in sid in 1.1.1, they
>>> still affect Etch:
>> 
>> OpenSER 1.1.1 is a bugfix-only release, so I am again requesting an
>> unblock for openser 1.1.1-1, in light of those two CVEs.
>
> We can continue this game, though it won't bring us anywhere...
>
> 116 files changed, 4498 insertions(+), 3113 deletions(-)

There are indeed a lot of bug fixes; there's a reason why I'm asking
for the unblock, you know.

> Any reason why you don't want to backport the security fixes?

They're fixed in a bugfix-only upstream release that is perfectly fit
for the next Debian stable.

JB.

-- 
 Julien BLACHE <jblache@debian.org>  |  Debian, because code matters more 
 Debian & GNU/Linux Developer        |       <http://www.debian.org>
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169

Reply to:

Follow-Ups:
- Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Please unblock twig 2.8.3-2.2
Next by Date: Re: Please unblock twig 2.8.3-2.2
Previous by thread: Re: Please unblock twig 2.8.3-2.2
Next by thread: Re: Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch
Index(es):
- Date
- Thread