Hi all, a recent DTSA [1] states that CVE-2008-5379 has been fixed in testing by removing the affected package (netdisco-mibs-installer). Indeed, this seems to have happened [2]. However, the package promptly re-entered testing [3]. I think the reason it that there's no (real or fake) RC bug to prevent such a migration. Do I understand correctly that a grave bug should be filed against netdisco-mibs-installer/1.3 in order to prevent it from migrating again and that a second removal request should be issued? [1] http://lists.debian.org/debian-testing-security-announce/2010/01/msg00003.html [2] http://packages.qa.debian.org/n/netdisco-mibs-installer/news/20100107T163926Z.html [3] http://packages.qa.debian.org/n/netdisco-mibs-installer/news/20100108T163921Z.html -- http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html Need some pdebuild hook scripts? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpojb2XoNdk5.pgp
Description: PGP signature