[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libapache2-mod-fcgid in lenny vulnerable to hole for weeks

Hi folks,

I reported bug #605484 regarding a security hole in lenny. I believe the security team was CC'd.

Prior to my report, http://security-tracker.debian.org/tracker/CVE-2010-3872 said that Debian/stable was not vulnerable. I also notified them to correct this issue.

My question here is: who's got the ball on security issues? It seems that this issue didn't trigger any bugs being created or any bugs being filed in Debian when it came out. When I did what I thought was appropriate, it also didn't trigger much. The maintainer was interested in it, but AFAICT there are, as yet, no new packages.

This is not an attack on any person/team, just a question about whether we have an organizational problem we need to correct.


-- John Goerzen

Reply to: