On Fri, Oct 1, 2010 at 23:43:17 +0200, Moritz Muehlenhoff wrote:
> Hi,
> I went through the security issues fixed in sid, but not yet in
> Squeeze.
>
> [ I didn't look into the diffs against current testing, some might
> be too intrusive for which we need to poke maintainers with a long
> stick to fix it through t-p-u. ] Please review the following:
>
> zabbix/1:1.8.3-2 -> CVE-2010-2790
643 files changed, 57774 insertions(+), 93146 deletions(-)
:(
> libv8/2.2.24-6 -> CVE-2010-3412
unblocked
> ardour/1:2.8.11-3 -> CVE-2010-3349
silly packaging changes getting in the way... oh well.
unblocked
> magics++/2.10.0.dfsg-5 -> CVE-2010-3393
The fix is broken.
("if test -h ${LD_LIBRARY_PATH}; then [...]")
> roaraudio/0.3-2 -> CVE-2010-3363
has the same bug with PATH as it used to have with LD_LIBRARY_PATH.
unblocked, though
> qt4-x11/4:4.6.3-2 -> CVE-2010-2621
Moves a file from libqt4-dev to libqt4-dbus, needs a Replaces. Looks ok
otherwise.
> couchdb/0.11.0-2.1 -> CVE-2010-2234
unblocked
> aircrack-ng/1:1.0~rc3-2 -> CVE-2010-1159
169 files changed, 6639 insertions(+), 9287 deletions(-)
> moodle/1.9.9.dfsg2-1 -> CVE-2010-2479
unblocked
> otrs2/2.4.8+dfsg1-1 -> CVE-2010-2080, CVE-2010-3476
302 files changed, 93756 insertions(+), 64023 deletions(-)
> This one is in t-p-u, possibly needs some processing/acking?
> bip/0.8.2-1squeeze2 -> CVE-2010-3071
>
approved.
Cheers,
Julien
Attachment:
signature.asc
Description: Digital signature