[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-200-1] Samba buffer overflow

Matt Zimmerman <mdz@debian.org> writes:

> On Mon, Nov 25, 2002 at 08:24:45PM +0900, Olaf Meeuwissen wrote:
> > Hmm, from the version numbers (2.2.3a-6 to 2.2.3a-12) and changelog 
> > entries since the version in stable it looks as if this upgrade does a 
> > little more than just fix the security problem.  Whatever happened to 
> > just backporting the security fix?
> The samba maintainers had already prepared an update for stable
> which contained backported fixes for important bugs.  These fixes
> were appropriate for the next point release, so rather than build a
> security update based on 2.2.3a-6 and then a new stable upload based
> on 2.2.3a-9, the security update was based on 2.2.3a-9 with its
> fixes.  You did not get any changes which were not already destined
> for stable.

It'd be nice if the DSA could say so much.

BTW, thanks for all the good work getting security.debian.org back up
so fast.
Olaf Meeuwissen                            EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Penguin's lib!       -- I hack, therefore I am --               LPIC-2

Reply to: