libapache2-mod-fcgid in lenny vulnerable to hole for weeks

To: 605484@bugs.debian.org, debian-security@lists.debian.org
Subject: libapache2-mod-fcgid in lenny vulnerable to hole for weeks
From: John Goerzen <jgoerzen@complete.org>
Date: Tue, 21 Dec 2010 10:09:45 -0600
Message-id: <[🔎] 4D10D149.5000005@complete.org>

Hi folks,

I reported bug #605484 regarding a security hole in lenny. I believethe security team was CC'd.

Prior to my report,http://security-tracker.debian.org/tracker/CVE-2010-3872 said thatDebian/stable was not vulnerable. I also notified them to correct thisissue.

My question here is: who's got the ball on security issues? It seemsthat this issue didn't trigger any bugs being created or any bugs beingfiled in Debian when it came out. When I did what I thought wasappropriate, it also didn't trigger much. The maintainer was interestedin it, but AFAICT there are, as yet, no new packages.

This is not an attack on any person/team, just a question about whetherwe have an organizational problem we need to correct.


Thanks,

-- John Goerzen

Reply to:

Follow-Ups:
- Re: libapache2-mod-fcgid in lenny vulnerable to hole for weeks
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Missing DSA for xpdf update?
Next by Date: Re: Missing DSA for xpdf update?
Previous by thread: Re: Missing DSA for xpdf update?
Next by thread: Re: libapache2-mod-fcgid in lenny vulnerable to hole for weeks
Index(es):
- Date
- Thread