Re: Fwd: Cap'n Proto security advisory / Debian
On 2015-03-16 06:17, Tom Lee wrote:
> Hi release team,
>
> A number of security bugs in the capnproto 0.4.1-2 package in Jessie have
> been reported to me by upstream (please see the attached email to the
> Debian security team for details).

Hi Tom,

Thanks for the heads up.

> I've raised corresponding "critical" bugs against the package

At first glance, "critical" seems to be a "high" for these bugs. A
critical bug:

"""makes unrelated software on the system (or the whole system) break,
or causes serious data loss, or introduces a security hole on systems
where you install the package."""

Unless this is a remote root exploit (e.g. capnproto is a service
running as root), I suspect "grave" might be more accurate[1].

[1] https://www.debian.org/Bugs/Developer#severities

> and will be preparing an upload to sid that I'd
> like to eventually flow into testing to address these bugs.
>
> Any problems or concerns in the interim, please let me know.
>
> Cheers,
> Tom
>

Excellent, do you have any ETA on the upload?

Thanks,
~Niels