[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unblocks for security fixes



On 2010-11-15, Julien Cristau <jcristau@debian.org> wrote:
>
> --K90HjsLT/gE7/naG
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Mon, Nov 15, 2010 at 21:05:21 +0100, Rik Theys wrote:
>
>> Hi,
>>=20
>> When looking at the security-tracker page for testing, I noticed some of =
> the
>> security bugs are fixed in unstable.
>>=20
>> aircrack-ng: CVE-2010-1159, fixed in 1:1.1-1
>
> Looks unmaintained.

The 1.1 version was already uploaded in May and only blocked by a silly
license bug. Since this version contains both the security bugfix and the
FTBFS bugfix and the version in testing is only an old prerelease going
with the version seems preferable to me.

>> scilab: CVE-2010-3378, fixed in 5.2.2-8
>
>     out of date on mips: libscilab-java, scilab, scilab-cli, scilab-data, s=
> cilab-doc, scilab-doc-fr, scilab-doc-pt-br, scilab-full-bin, scilab-full-bi=
> n-dbg, scilab-include, scilab-minimal-bin, scilab-minimal-bin-dbg, scilab-t=
> est (from 5.2.2-2)
>     Updating libscilab-java fixes old bugs: #585679
>     scilab (source, i386, amd64, armel, ia64, kfreebsd-amd64, kfreebsd-i386=
> , mips, mipsel, powerpc, s390, sparc, hppa) has new bugs!
>     Updating scilab introduces new bugs: #591541

I suppose it should simply drop support for mips? It's not that anyone will
be doing numbercrunching on mips..

>> ust: CVE-2010-3386, fixed in 0.7-2.1
>
> Needs fixed in tpu.

I've pinged the maintainer yesterday already. I'll hash out the details with
him.

Cheers,
        Moritz


Reply to: