[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security unblock requests

On Sat, 2010-10-23 at 14:37 +0200, Moritz Muehlenhoff wrote:
> On 2010-10-20, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> > On 2010-10-18, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> >> On 2010-10-15, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> >>> On 2010-10-11, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> >>>> On 2010-10-06, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> >>>>> On 2010-10-01, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> >>>>>> Hi,
> >>>>>> I went through the security issues fixed in sid, but not yet in
> >>>>>> Squeeze.
> >>>>>>
> >>>>>> [ I didn't look into the diffs against current testing, some might
> >>>>>> be too intrusive for which we need to poke maintainers with a long
> >>>>>> stick to fix it through t-p-u. ] Please review the following: 
> 
> More unblock requests:
> ust/0.7-2.1 -> CVE-2010-3386

testing has 0.5 and the new upstream isn't quickly reviewable.  Could be
fixed via tpu although it would be useful if that took in to account
Julien's comments in #598309

> mailman/1:2.1.13-4.1 -> CVE-2010-3089
> cluster-agents/1:1.0.3-3.1 -> CVE-2010-3389

Unblocked by Julien.

> pidgin/2.7.4-2 -> CVE-2010-3711 (might need a targeted tpu fix?)

There seem to be quite a lot of other code changes and rearrangement in
the diff, so tpu would be preferable.

Regards,

Adam
Reply to: