Matt Zimmerman wrote: > On Wed, Mar 31, 2004 at 09:22:38AM +0200, Florian Weimer wrote: > > > Chad Waters wrote: > > > > > Better metric: fix time from vendor's notification date > > > > The last DSA was released with a delay of 2.5 years... > > No idea what you are talking about.
http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php http://www.debian.org/security/2004/dsa-469 The package wasn't part of potato, that's why the Security Team wasn't involved. Apparently, the maintainer failed to fix those bugs and the broken version (or a subsequent one) was released with woody. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr.
