Re: missing DSAs
On Mon, 30 Mar 2009 15:10:07 -0400, Michael S. Gilbert wrote:
> from what i can gather, this is the first time (ever) that a DSA has
> been issued without including a set of fixed packages, so there is no
> precedent...yet.
i did a little more work and found that dsa-1529, dsa-1604, and
dsa-1605 were also just advisories (they did not include new packages).
they are also not included in the tracker, just like dsa-1753.
dsa-1529 was an issue in the firebird database that was too complex to backport
dsa-1604, and dsa-1605 were the recent bind issues that were not backportable to bind8 and glibc
- note that dsa-1605 says "This DSA will be updated when patches for hardening
the stub resolver are available", but this has not happened. are there any plans to do so?
since i am doing security research, i would really like to see these included in the
tracker so i can make use of the debian tracking system, rather than coming up with my
own special solution just for these issues.
maybe there should be a special tag called "<advisory>" or something like that?
i can go ahead and add the info myself if no one objects.
thanks,
mike
Reply to: