On Sun, Jul 23, 2006 at 06:16:00PM +0200, Christian Perrier wrote:
> Hello dear Security team (and ftpmasters, and shadow package maintainers),
> 
> Being back from 2 days holiday I discover CVE-2006-3378 which has just
> been revealed to our attention (#359174 in the BTS).

  I guess you mean #379174 here?

> What I propose to you, as soon as we have a fix for CVE-2006-3378:
> 
> 
> -urgently destroy 4.0.3-31sarge6 and 31sarge7 from the
>  proposed-updates queue. Need ftpmasters collaboration with high urgency
> -the security team, or the shadow package team, prepares
>  4.0.3-31sarge6 with the fix for CVE-2006-3378 *ALONE*
> -the shadow package team prepares 4.0.3-31sarge7 with BOTH updates and
>  sends it to the proposed-updates queue so that it can be picked by the
>  SRM team when they're ready to update sarge
> 

  Sounds fine from the security point of view.  Once a patch is
 available at least.

Steve