Re: CVE-2010-3205 affects textpattern package

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2010-3205 affects textpattern package
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Tue, 21 May 2013 22:16:25 +0100
Message-id: <[🔎] 519BE429.5030905@pyro.eu.org>
In-reply-to: <[🔎] 20130521210919.GA4083@inutil.org>
References: <[🔎] 20130520135840.GA30882@squeeze.pyro.eu.org> <[🔎] 20130521210919.GA4083@inutil.org>

On 21/05/13 22:09, Moritz Muehlenhoff wrote:
> Thanks, I've updated the security tracker!

Okay, thank you!

I couldn't say for sure the exploit given the CVE is real, and there's
very little interest in the package any more (orphaned, low popcon,
removed);  but I thought it is better to mark it as affecting until
someone can actually show otherwise.

I assume NOT-FOR-US was meant for things not packaged at all so was
probably an oversight in this case.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Reply to:

Follow-Ups:
- Re: CVE-2010-3205 affects textpattern package
  - From: Moritz Mühlenhoff <jmm@inutil.org>

References:
- CVE-2010-3205 affects textpattern package
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: CVE-2010-3205 affects textpattern package
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: security-tracker now on https?
Next by Date: Re: CVE-2010-3205 affects textpattern package
Previous by thread: Re: CVE-2010-3205 affects textpattern package
Next by thread: Re: CVE-2010-3205 affects textpattern package
Index(es):
- Date
- Thread