A bug report about a vulnerability of 'dir' [1] in package coreutils says it "was fixed upstream in coreutils-5.1.0, and the latest is coreutils-5.2.0"
but Debian/woody is vulnerable (dir is in woody package fileutils). I just filed a bug [2] for fileutils on woody, and I'm posting here because it's security related [3].
What's the/a Right Way (tm) to report security related bugs like this one? Am I supposed to do anything more to make woody's security improve ? (apart from writing patches, which is not obvious ;-)
Christophe
[1] Debian Bug report logs - #236035 coreutils: 'dir' integer overflow vulnerability. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=236035
[2] Debian Bug report logs - #261828 'dir' integer overflow vulnerability http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261828
[3] http://www.securityfocus.com/archive/1/356174
Christophe
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
