Re: Security update for ‘burn’ package

To: Ben Finney <ben+debian@benfinney.id.au>, Debian release coordination <debian-release@lists.debian.org>
Subject: Re: Security update for ‘burn’ package
From: Philipp Kern <pkern@debian.org>
Date: Sun, 23 Aug 2009 11:17:55 +0200
Message-id: <[🔎] 20090823091755.GA21596@kelgar.0x539.de>
In-reply-to: <[🔎] 20090823055734.GJ5164@benfinney.id.au>
References: <[🔎] 20090823055734.GJ5164@benfinney.id.au>

On Sun, Aug 23, 2009 at 03:57:34PM +1000, Ben Finney wrote:
> The package ‘burn’ has a security bug open, assigned the alert number
> TEMP-0542329 “burn: Insecure escaping of file names”. I have been
> advised to make a bug-fix release of this package for ‘stable’ and
> send a ‘debdiff’ output to this forum.

Advised by whom?  The Security team?  If not, they should be contacted about
it as of [DevRef 5.8.5].

If they told you to just push this as a non-DSA issue, this should be stated
as such.

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@0x539.de                         Wanna-Build Admin
  `-    finger pkern/key@db.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Security update for ‘burn’ package
  - From: Ben Finney <ben+debian@benfinney.id.au>

References:
- Security update for ‘burn’ package
  - From: Ben Finney <ben+debian@benfinney.id.au>

Prev by Date: Re: Bug#443459: release-notes: With beginning of Lenny /etc/debian_version will be touched with every point release
Next by Date: Re: Security update for ‘burn’ package
Previous by thread: Security update for ‘burn’ package
Next by thread: Re: Security update for ‘burn’ package
Index(es):
- Date
- Thread