Re: CAN-2003-0794: a local DoS

To: debian-security@lists.debian.org, seb128@debian.org
Cc: rmurray@debian.org
Subject: Re: CAN-2003-0794: a local DoS
From: john@keimel.com (John Keimel)
Date: Wed, 22 Oct 2003 21:00:20 -0400
Message-id: <[🔎] 20031023010020.GA20777@keimel.com>
In-reply-to: <[🔎] E1ACL2Q-0007B9-00@seb128>
References: <[🔎] E1ACL2Q-0007B9-00@seb128>

On Wed, Oct 22, 2003 at 05:36:42PM +0200, Sebastien Bacher wrote:
> Package: gdm
> Version: 2.4.1.6-2
> Severity: important
> Tags: security
> 
> A second security bug that need to be closed, fixed in gdm 2.4.4.4 upstream for about one week (and on others distribs too, is the GDM maintainer taking care of this package ?) :

>From the Security FAQ:

Q: What is the policy for a fixed package to appear in
security.debian.org?

A: Security breakage in the stable distribution warrants a package on
security.debian.org. Anything else does not....

Q: How is security handled for testing and unstable?

A: The short answer is: it's not. Testing and unstable are rapidly
moving targets and the security team does not have the resources needed
to properly support those....

I know that my answer is not really a great 'practical' answer, it is,
in fact, the best answer. 

For extra coverage, I'll cc: the package maintainer (according to
packages.debian.org) for this package. 

HTH

j
-- 

==================================================
+ It's simply not       | John Keimel            +
+ RFC1149 compliant!    | john@keimel.com        +
+                       | http://www.keimel.com  +
==================================================

Reply to:

References:
- CAN-2003-0794: a local DoS
  - From: Sebastien Bacher <seb128@debian.org>

Prev by Date: Re: Why do system users have valid shells
Next by Date: Re: Why do system users have valid shells
Previous by thread: CAN-2003-0794: a local DoS
Next by thread: UNSUBSCRIBE
Index(es):
- Date
- Thread