Re: Security response: how are we doing?
On Thu, Dec 1, 2011 at 6:11 AM, wrote:
> On the other hand, at least from my point of view, things are not looking so
> bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193,
> CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a
> number of lesser problems (#628843, #615118, CVE-2011-1521), most of which
> I have at least pinged once, most have been around for at least 3 months, some
> for more than 6 months. And my selection is a quite limited one.
At least CVE-2011-3194/5 out of your list above are for a package
(qt4-x11) that has been declared as not receiving security support.
Unfortunately volunteers tend to have limited time, and more help is
always appreciated. Even non-DDs can prepare new package updates for
future DSAs. Pinging isn't necessarily productive, actual work is.
Help with the tracker is also very useful:
http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co
Best wishes,
Mike