Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability

To: Thijs Kinkhorst <kink@squirrelmail.org>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
From: Steve Kemp <skx@debian.org>
Date: Mon, 9 Jan 2006 14:46:05 +0000
Message-id: <[🔎] 20060109144605.GA9464@steve.org.uk>
In-reply-to: <[🔎] 43C265E2.4080905@squirrelmail.org>
References: <E1EvxQN-00066a-70@klecker.debian.org> <[🔎] 43C265E2.4080905@squirrelmail.org>

On Mon, Jan 09, 2006 at 02:32:18PM +0100, Thijs Kinkhorst wrote:

> >For the unstable distribution the package will be updated shortly.
> >  
> It's great to hear that unstable will be fixed soon, but why wasn't 
> there a grave bug filed against the package? If for some reason the 
> maintainer misses this DSA, it is lateron unknown that the version in 
> unstable is vulnerable and still needs to be fixed...

  A bug has been filed.  If there is no action in a short space
 of time I'm happy to perform an NMU.

  Testing will get the fix shortly via the package migration, so it
 is only sid users  who are at risk; and we don't offer explicit
 security support there.  (Though obviously it should be fixed ASAP.)

Steve
--

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
  - From: Thijs Kinkhorst <kink@squirrelmail.org>

Prev by Date: Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
Next by Date: Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
Previous by thread: Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
Next by thread: Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
Index(es):
- Date
- Thread