Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
On Mon, Jan 09, 2006 at 02:32:18PM +0100, Thijs Kinkhorst wrote:
> >For the unstable distribution the package will be updated shortly.
> >
> It's great to hear that unstable will be fixed soon, but why wasn't
> there a grave bug filed against the package? If for some reason the
> maintainer misses this DSA, it is lateron unknown that the version in
> unstable is vulnerable and still needs to be fixed...
A bug has been filed. If there is no action in a short space
of time I'm happy to perform an NMU.
Testing will get the fix shortly via the package migration, so it
is only sid users who are at risk; and we don't offer explicit
security support there. (Though obviously it should be fixed ASAP.)
Steve
--
Reply to: