Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Mon, 11 Oct 2010 14:14:41 +0100
Message-id: <[🔎] 19635.3521.655481.658955@chiark.greenend.org.uk>
In-reply-to: <87mxqlwbn5.fsf@mid.deneb.enyo.de>
References: <87mxqlwbn5.fsf@mid.deneb.enyo.de>

Florian Weimer writes ("[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities"):
> DSA-2115-1 introduced a regression because it lacked a dependency on
> the wwwconfig-common package, leading to installations problems.  This
> update addresses this issue.  For reference, the text of the original
> advisory is provided below.

This is the second recent regression in a security update.  I'm sure
you'll all agree that this is bad.  It's a shame, because Debian
security updates have historically had a very good reputation.

Is there anything that I could do to help with improving things to
avoid this happening again ?  

A traditional approach might be to hold a postmortem to try to find
the chain of events, identify root causes, and make recommendations
(whether to the Security Team or to others in the project).  Has
anything like that been done in this case ?

Ian.
offering to help - this is not a brickbat

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
Next by Date: Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
Previous by thread: Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
Next by thread: Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
Index(es):
- Date
- Thread