Re: links2 stable update for CVE-2008-3329

To: debian-release@lists.debian.org, nion@debian.org
Subject: Re: links2 stable update for CVE-2008-3329
From: Gürkan Sengün <gurkan@phys.ethz.ch>
Date: Fri, 08 Aug 2008 08:14:26 +0200
Message-id: <[🔎] 489BE442.9080005@phys.ethz.ch>
In-reply-to: <20080807231240.GA23623@ngolde.de>
References: <20080807231240.GA23623@ngolde.de>

Hello

the following CVE (Common Vulnerabilities & Exposures) id was
published for links2 some time ago.

CVE-2008-3329[0]:
| Unspecified vulnerability in Links before 2.1, when "only proxies" is
| enabled, has unknown impact and attack vectors related to providing
| "URLs to external programs."

Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable. It does
not warrant a DSA.

However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.

This is Debian bug #492744.

This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
[1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable


the link mentioned at [1] is "Not Found"

I would recommend getting the 2.2 release of links2 for lenny from:
http://gnu.ethz.ch/debian/links2/new/links2_2.2-1.dsc
the changes are minimal, and the security fix is the same in this release
as in the pre37.

Kind regards
Nico


regards,
gürkan

Reply to:

Follow-Ups:
- Re: links2 stable update for CVE-2008-3329
  - From: Nico Golde <debian-release+ml@ngolde.de>

Prev by Date: Re: Fixing #493051 (biococoa.app: Contents do not match name and description.) in Lenny.
Next by Date: Re: Please unblock gtk+2.0
Previous by thread: Re: checkpolicy (2.0.16-1)
Next by thread: Re: links2 stable update for CVE-2008-3329
Index(es):
- Date
- Thread