
Re: [Secure-testing-team] [Secure-testing-commits] r6337 - data/CVE



Nico Golde wrote:
> >  CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
> > -	- sql-ledger <unfixed> (bug #409703)
> > +	- sql-ledger <unfixed> (bug #409703; medium)
> >  	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
> >  	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
> >  	NOTE: is not secure with untrusted users.
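
Review bot: the `medium` urgency added on the `<unfixed>` line has no rationale recorded in the entry, and it sits directly above an `[etch]` line that marks the same issue `<no-dsa>` with "Should only be used with trusted users". Consider adding a NOTE line stating why the README.Debian note is not counted as a fix and why the urgency is medium, so the unstable and etch lines do not read as contradicting each other.
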
> 
> Just wanted to comment on this, noting the bug in README.Debian 
> does not fix it and doesn't help users who don't read the 
> file, just if someone wonders why I didn't set low :)

Please use debian-security-tracker@lists.debian.org for
tracker-relevant discussion. CCing.

It's certainly _not_ a medium issue, as it's completely beyond
what is supported for this package.

If you want more reliable ways to inform users than README.Debian.security
then please help work on #436161.

Cheers,
        Moritz


