On Tue, 25 Sep 2007 somebody known as Steffen Joeris wrote:
Package: dibbler
Severity: grave
Tags: security
Justification: user security hole
CVE-2007-5028:
CVE-2007-5029:
CVE-2007-5030:
There might be some other fixes in the new 0.6.1 version, according to
the upstream CHANGELOG. I am still looking at the source code to
separate them. Could you please consider packaging the new upstream
version to fix these issues and please mention the CVE numbers in the

The new upstream version (0.6.1) contains fixes for all reported issues.
I'm currently in the process of preparing DEB packages. Although I don't
have much experience, I believe that the packages will be ready within 2
days. (There are some other issues fixed as well: gcc 4.3 compatibility
fixed, also some new and updated translations).
As I'm not a Debian developer, I always send my DEBs to a colleague, who
is a DD. He's rather busy, so it may take a week or so before he checks
and uploads the packages. Is there any other ("fast path") way to upload
those fixed packages?

Thanks for your efforts

You are most welcome.
--
Tomasz Mrugalski, | " Talk is cheap. Show me the code." |
thomson(at)klub(dot)com(dot)pl | Linus Torvalds |