
Re: Critical bug in pdns - security team not responding

On Sun, Jul 10, 2005 at 12:28:15AM +0200, Christoph Haas wrote:
> Dear list...
> our package 'pdns' in Sarge has a serious bug which can be abused to run a
> DoS attack against a name server. My co-maintainer already mailed the
> security team but did not get a response yet.
> Currently we are preparing a new package to upload into 'unstable'.
> How else can we get the fixed version into Sarge asap? I have never had
> to deal with bug fixes in stable packages before.

The Security Team FAQ (http://www.debian.org/security/faq) has a question on
just this point (http://www.debian.org/security/faq#care) that will probably
get you most of the way there.  The FAQ, in turn, references DevRef

Presumably knowledge of the bug is public (or else you wouldn't be posting
info about it to a public ML), so an upload to unstable with a fixed package
would be a good idea ASAP.  Send the minimal patch to the security team, and
test it as thoroughly as possible, and then send *that* info to the security
team as well.

- Matt
(Not a Security Team member)
