Lesstif ------- We have a bunch of patches for libxpm which is also part of lesstif1-1 in woody that need to be applied and tested. It needs to be investigated whether the version in sarge needs patches as well. This refers to only a single bug (CAN-2004-0914) but results in quite a large patch that does not cleanly apply. A good C coder with a lesstif test environment is required. Ethereal -------- The test program, Red Hat and iDEFENSE discovered several (read 24) flaws in various disssectors of Ethereal. The patches need to be reviewed and applied to the versions in woody, sarge and sid. For sid the maintainer could yuo some help, hence, I've mentioned it above. The advisory text should be proposed as well. Kernel ------ I have prepared an updated kernel package for woody's 2.4.18 kernel for a number of vulnerabilities (some 40). This work needs to be reviewed and ported to 2.4.16, 2.4.17 and 2.4.19 including testing. The 2.4.18 kernel is running on a test machine and under a real environment during LinuxTag and from time to time afterwards without problems. For all set of packages it needs to be documented which bugs exist in which version. All three issues have escaped the time frame of the security team in the past, hence, I'm now calling for help. The volunteer is required to be a registered Debian developer. If you are interested and sure that you can work on one of these issues, please get in touch with me. If you are not 100% sure that your skills are sufficient, please don't contact me, since I would probably only waste time needed for other stuff. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists.
Attachment:
signature.asc
Description: Digital signature