
Re: Security response: how are we doing?



On Thu, Dec 1, 2011 at 6:11 AM,  wrote:
> On the other hand, at least from my point of view, things are not looking so
> bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193,
> CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a
> number of lesser problems (#628843, #615118, CVE-2011-1521), most of which
> I have at least pinged once, most are around for at least 3 months, some
> for more than 6 months. And my selection is a quite limited one.

At least CVE-2011-3194/5 out of your list above are for a package
(qt4-x11) that has been declared as not receiving security support.

Unfortunately volunteers tend to have limited time, and more help is
always appreciated.  Even non-DDs can prepare new package updates for
future DSAs.  Pinging isn't necessarily productive, actual work is.

Help with the tracker is also very useful:
http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co

Best wishes,
Mike

