On Sun, Jul 10, 2005 at 12:28:15AM +0200, Christoph Haas wrote:
> Dear list...
>
> our package 'pdns' in Sarge has a serious bug which can be abused to run a
> DoS attack against a name server. My co-maintainer already mailed the
> security team but did not get a response yet.
>
> Currently we are preparing a new package to upload into 'unstable'.
> How else can we get the fixed version into Sarge asap? I have never had
> to deal with bug fixes in stable packages before.

The Security Team FAQ (http://www.debian.org/security/faq) has a question on just this point (http://www.debian.org/security/faq#care) that will probably get you most of the way there. The FAQ, in turn, references DevRef (http://www.debian.org/doc/developers-reference/ch-pkgs#s-bug-security).

Presumably knowledge of the bug is public (or else you wouldn't be posting info about it to a public ML), so an upload to unstable with a fixed package would be a good idea ASAP. Send the minimal patch to the security team, and test it as thoroughly as possible, and then send *that* info to the security team as well.

- Matt (Not a Security Team member)