Re: [Secure-testing-commits] r6972 - data/CVE

To: debian-security-tracker@lists.debian.org
Subject: Re: [Secure-testing-commits] r6972 - data/CVE
From: Stefan Fritsch <sf@sfritsch.de>
Date: Tue, 16 Oct 2007 22:30:57 +0200
Message-id: <[🔎] 200710162230.57388.sf@sfritsch.de>
In-reply-to: <[🔎] 20071015214851.GB3688@galadriel.inutil.org>
References: <E1IhVOH-0007fl-62@alioth.debian.org> <[🔎] 20071015214851.GB3688@galadriel.inutil.org>

On Monday 15 October 2007, Moritz Muehlenhoff wrote:
> stef-guest@alioth.debian.org wrote:
> > add vmware-package fixed versions
> > (if some vulnerabilities map so specific installer versions, we
> > should include them to help debsecan users)
>
> The whole "security notes for installer packages" business is going
> too far.
>
> Vmware has online updates built-in, so it's really the business of
> the user who installed this non-free crap through the installer.

For vmware, it's maybe not really that important. But since the 
maintainer included the CVE ids in the changelog, there is really no 
reason not to include them in the tracker.

But for things like flashplugin with its large userbase, Debian should 
provide some security support as long as gnash is no viable 
alternative.

Cheers,
Stefan

Reply to:

Follow-Ups:
- Re: [Secure-testing-commits] r6972 - data/CVE
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Re: [Secure-testing-commits] r6972 - data/CVE
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: [Secure-testing-commits] r6972 - data/CVE
Next by Date: Re: [Secure-testing-commits] r6972 - data/CVE
Previous by thread: Re: [Secure-testing-commits] r6972 - data/CVE
Next by thread: Re: [Secure-testing-commits] r6972 - data/CVE
Index(es):
- Date
- Thread