Re: [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
From: Nico Golde <debian-security+ml@ngolde.de>
Date: Sun, 1 Aug 2010 03:11:23 +0200
Message-id: <[🔎] 20100801011123.GF19609@ngolde.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <slrni59a6t.2u2.jmm@inutil.org>
References: <20100731164320.GA15881@ngolde.de> <20100731165247.GE19609@ngolde.de> <slrni59a6t.2u2.jmm@inutil.org>

Hi,
* Moritz Muehlenhoff <jmm@inutil.org> [2010-08-01 00:58]:
> On 2010-07-31, Nico Golde <nion@debian.org> wrote:
> > * Nico Golde <nion@debian.org> [2010-07-31 18:48]:
> >> --------------------------------------------------------------------------
> >> Debian Security Advisory DSA-2078-1                    security@debian.org
> >
> > Meh race condition. Moritz isn't dak checking the DSA number we supply to g=
> > it?=20
> > If we both used DSA-2078-1 it should've detected this as a problem.
> 
> It should technically catch the duplicated ID. 
> 
> However, I used "dak new-security-install DSA-2078 kvirc*changes" as agreed 
> a few years ago. 

This has definitely been before my time then. But does this make sense given we may 
want to issue a -2? Therefore I used DSA-2078-1 as noted in the advisory. Hmm :D

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpJ0HMxVke72.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Next by Date: Re: [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
Index(es):
- Date
- Thread