Russ Allbery wrote:
> > Debian 3.1r2 shipped with a broken rssh package due to a bug introduced
> > with a security fix.
>
> > I have prepared a new package () with the problem fixed. The patch is
> > attached.
>
> > The package can be found from
> > http://debian.pumuki.org/rssh/rssh_2.2.3-1.sarge.2_i386.changes
>
> This probably needs an update on security.debian.org as well, and maybe an
> advisory or advisory update (not sure). I mailed [EMAIL PROTECTED] a while
> back about it with the same patch and got an acknowledgement, but I think
> they then ran out of time to deal with it.
>
> Cc'ing [EMAIL PROTECTED] as a status ping on that.
IIRC CVE-2005-3345 was fixed by an upload, which should have gone to the
security
queue, but ended up in the proposed updates for stable. It was later acked by
stable release managers instead of sending out a DSA. Is this an rssh issue,
which was there all the time, or an issue, which was introduced by the sarge1
fix?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
