Re: [Secure-testing-commits] r6972 - data/CVE
On Monday 15 October 2007, Moritz Muehlenhoff wrote:
> stef-guest@alioth.debian.org wrote:
> > add vmware-package fixed versions
> > (if some vulnerabilities map so specific installer versions, we
> > should include them to help debsecan users)
>
> The whole "security notes for installer packages" business is going
> too far.
>
> Vmware has online updates built-in, so it's really the business of
> the user who installed this non-free crap through the installer.
For vmware, it's maybe not really that important. But since the
maintainer included the CVE ids in the changelog, there is really no
reason not to include them in the tracker.
But for things like flashplugin with its large userbase, Debian should
provide some security support as long as gnash is no viable
alternative.
Cheers,
Stefan
Reply to: