Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1

To: David Paleino <dapal@debian.org>
Cc: 668397@bugs.debian.org, 668456@bugs.debian.org
Subject: Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1
From: Touko Korpela <touko.korpela@iki.fi>
Date: Mon, 16 Apr 2012 00:40:40 +0300
Message-id: <[🔎] 20120415214040.GA20817@lisko>
Reply-to: Touko Korpela <touko.korpela@iki.fi>, 668456@bugs.debian.org
In-reply-to: <[🔎] 20120412003148.629ae99f@local>
References: <[🔎] 20120412003148.629ae99f@local>

On Thu, Apr 12, 2012 at 12:31:48AM +0200, David Paleino wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Hello RT,
> 
> I'm hereby requesting permission to upload a fix for wicd to p-u, bug #668397
> (CCed), CVE-2012-2095. "git diff" attached.
> 
> The patch for stable is slightly different from the one just pushed in
> unstable: namely, it needed an additional "has_profile", which was used in
> pre-1.7.1 versions.

I think this should be handled via Debian Security Advisory procedure.
It's a root compromise after all (local but still important imho).

Reply to:

Follow-Ups:
- Re: Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1
  - From: Nico Golde <debian-release+ml@ngolde.de>

References:
- Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1
  - From: David Paleino <dapal@debian.org>

Prev by Date: Bug#661958: transition: apache2
Next by Date: Re: Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1
Previous by thread: Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1
Next by thread: Re: Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1
Index(es):
- Date
- Thread