
Re: Fwd: Cap'n Proto security advisory / Debian



On 2015-03-16 06:17, Tom Lee wrote:
> Hi release team,
> 
> A number of security bugs in the capnproto 0.4.1-2 package in Jessie have
> been reported to me by upstream (please see the attached email to the
> Debian security team for details).

Hi Tom,

Thanks for the heads up.

> I've raised corresponding "critical" bugs against the package

At first glance, "critical" seems to be a "high" for these bugs.  A
critical bug:

"""makes unrelated software on the system (or the whole system) break,
or causes serious data loss, or introduces a security hole on systems
where you install the package."""

Unless this is a remote root exploit (e.g. capnproto is a service
running as root), I suspect "grave" might be more accurate[1].

[1] https://www.debian.org/Bugs/Developer#severities

> and will be preparing an upload to sid that I'd
> like to eventually flow into testing to address these bugs.
> 
> Any problems or concerns in the interim, please let me know.
> 
> Cheers,
> Tom
> 

Excellent, do you have any ETA on the upload?

Thanks,
~Niels

