[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

Hi!

I am trying to understand if my organization can rely on the debian
security announcement mailing list as only source of security alerts in
the future.

This would be very convenient- but the delay that seems to have passed
between the original squirrelmail security announcement and the time I
received the alert via security@debian.org is worrying:

The Vulnerability seems to have been described a few weeks ago:
http://www.squirrelmail.org/security/issue/2005-06-15

The Debian Security Advisory 756-1 is dated July 13th, 2005.


I do not want to rude in any way- please try to excuse my way of putting
things, but does anybody have a prediction how probable it is for such a
thing to happen again?

Is there a role/function in debian that is responsible for reviewing
bugtraq or similiar sources, and is ensured that this role is fulfilled
every day?

Or will there be other measures in place to see that security issues are
noticed quickly for all packages- even for strange tools that
are not used by normal unix-centered developers?

Kind regards,
Herwig Wittmann
Reply to: