On Tue, Dec 20, 2011 at 01:15:32AM +0100, Christoph Haas wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> http://security-tracker.debian.org/tracker/CVE-2011-2904
> I have extracted a patch using
> svn diff -r r20742:r20789 frontends/php/acknow.php
> from the upstream sources.
>
> http://security-tracker.debian.org/tracker/CVE-2011-3263
> I have extracted a patch using
> svn diff -r r19527:r19561
> from the upstream sources.
>
> http://security-tracker.debian.org/tracker/CVE-2011-3265
> I could not determine a proper minimal patch and am waiting for the
> upstream developers' support. This issue was fixed in 1.8.6 and thus
> does not affect "sid".
>
> http://security-tracker.debian.org/tracker/CVE-2011-4674
> I could not determine a proper minimal patch and am waiting for the
> upstream developers' support. This issue was fixed in 1.8.4 and does not
> affect "sid".
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652664
> https://support.zabbix.com/browse/ZBX-4015
> I could not determine a proper minimal patch and am waiting for the
> upstream developers' support. For "sid" we can wait for 1.8.10 to have
> the issue fixed.
>
> Would you like to get a minimal patch for the first two issues already?
> Or rather wait for the upstream response of the remaining three issues?
Let's rather wait until we have a complete patch set.
Thanks,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]