On Tue, Jun 07, 2005 at 12:14:19PM +1000, Anibal Monsalve Salazar wrote: >On Mon, Jun 06, 2005 at 09:31:05PM -0400, George Georgalis wrote: >> >>This was the changelog.Debian.gz entry for the last bzip2 update: >> >>bzip2 (1.0.2-1.woody2) stable-security; urgency=high >> >> * Non-maintainer upload by the Security Team >> * No changes rebuild because maintainer prevented distribution of >> security fix, thanks a lot! >> >>The only useful information I see threre is "urgency=high" -- but no >>clear explinaton. Was this just an incomplete log? The maintainer did >>not respond to my inquiry. Is there a CAN? Is there a better file to >>extract specific info from? >> >>I can read; but the second point is ambigous, the first point doesn't >>help, nor does the urgency level. So what exactly happened? > >I uploaded bzip2 1.0.2-1.1 to stable which clashed with Martin >Schulze's plan. > >1.0.2-1.woody2 is the same as 1.0.2-1.1. > > bzip2 (1.0.2-1.1) stable; urgency=medium > . > * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes: > #303300. Patch by Santiago Ruano Rincon <[EMAIL PROTECTED]>. > Original patch available at > http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2 > >I submitted 1.0.2-1.woody3 and Martin included in the last release >of woody.
Aparently, he didn't include it in the last release of woody. > bzip2 (1.0.2-1.woody3) stable-security; urgency=high > . > * Fixed "CAN-2005-1260 decompression bomb vulnerability", closes: #310803. > Patch by Martin Pitt <[EMAIL PROTECTED]>. Anibal Monsalve Salazar -- .''`. Debian GNU/Linux : :' : Free Operating System `. `' http://debian.org/ `- http://v7w.com/anibal
signature.asc
Description: Digital signature
