On Mon, Jun 06, 2005 at 09:31:05PM -0400, George Georgalis wrote:
>
>This was the changelog.Debian.gz entry for the last bzip2 update:
>
>bzip2 (1.0.2-1.woody2) stable-security; urgency=high
>
> * Non-maintainer upload by the Security Team
> * No changes rebuild because maintainer prevented distribution of
> security fix, thanks a lot!
>
>The only useful information I see there is "urgency=high" -- but no
>clear explanation. Was this just an incomplete log? The maintainer did
>not respond to my inquiry. Is there a CAN? Is there a better file to
>extract specific info from?
>
>I can read; but the second point is ambiguous, the first point doesn't
>help, nor does the urgency level. So what exactly happened?

I uploaded bzip2 1.0.2-1.1 to stable which clashed with Martin
Schulze's plan.

1.0.2-1.woody2 is the same as 1.0.2-1.1.

bzip2 (1.0.2-1.1) stable; urgency=medium
.
* Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
#303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>.
Original patch available at
http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2

I submitted 1.0.2-1.woody3 and Martin included it in the last release
of woody.

bzip2 (1.0.2-1.woody3) stable-security; urgency=high
.
* Fixed "CAN-2005-1260 decompression bomb vulnerability", closes: #310803.
Patch by Martin Pitt <martin.pitt@ubuntu.com>.

Regards,
Anibal Monsalve Salazar
--
.''`. Debian GNU/Linux
: :' : Free Operating System
`. `' http://debian.org/
`- http://v7w.com/anibal