Re: CVE-2009-1284

To: debian-security-tracker@lists.debian.org
Cc: debian-tex-maint@lists.debian.org
Subject: Re: CVE-2009-1284
From: Raphael Geissert <geissert@debian.org>
Date: Thu, 19 Nov 2009 09:17:59 -0600
Message-id: <[🔎] he3nio$cra$1@ger.gmane.org>
References: <[🔎] 20091119073421.GC17284@gamma.logic.tuwien.ac.at>

Hi,

Norbert Preining wrote:

> Dear security team,
> 
> on the tracker page
> http://security-tracker.debian.org/tracker/CVE-2009-1284
> I see that texlive-bin 2009-1 is still listed as vulnerable.
> 
> We did close the bug 520920, but probably we should add the CVE string
> to close this bug.
> 
> Now my question: If for the next upload we edit the old changelog entry
> will that be enough, or is there anything else we should/need to do?

The bug submitter was not somebody from the team and apparently nobody
noticed it was fixed already, thanks for notifying. The tracker is manually
updated so that changes are reviewed.
If you modify the changelog to add a reference it won't make much a
difference.

> 
> Then, for stable: Do you want us to prepare a security update for lenny?
> 

It would be great if you could prepare uploads for oldstable and stable,
which would go through *-proposed-updates (and not via the security
queues). Thanks!

> For sid/testing I would prefer to just leave it like it is, since after
> a certain testing phase we want to get the 2009 packages into unstable
> anyway.
> 

It's a minor issue, so it seems to be fine to wait.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

Follow-Ups:
- Re: CVE-2009-1284
  - From: Norbert Preining <preining@logic.at>

References:
- CVE-2009-1284
  - From: Norbert Preining <preining@logic.at>

Prev by Date: CVE-2009-1284
Next by Date: Re: CVE-2009-1284
Previous by thread: CVE-2009-1284
Next by thread: Re: CVE-2009-1284
Index(es):
- Date
- Thread