Hi,
* Touko Korpela <touko.korpela@iki.fi> [2012-04-15 23:44]:
> On Thu, Apr 12, 2012 at 12:31:48AM +0200, David Paleino wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> >
> > I'm hereby requesting permission to upload a fix for wicd to p-u, bug #668397
> > (CCed), CVE-2012-2095. "git diff" attached.
> >
> > The patch for stable is slightly different from the one just pushed in
> > unstable: namely, it needed an additional "has_profile", which was used in
> > pre-1.7.1 versions.
>
> I think this should be handled via Debian Security Advisory procedure.
> It's a root compromise after all (local but still important imho).

Sorry to pass the ball on to -release but we decided to not issue a DSA for
that. So please allow this upload into the archive. You are right that this is
a root compromise, but given in what environments wicd is usually used, I think
it is fair to assume that most users are already root anyway. This has very
little priority for us currently.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.