Hi Branden, On Tue, 10 Feb 2004, Branden Robinson wrote:
> Hi guys, > > As you may have noticed, the last 4.3.0-1 item is done[1]. congratulation to all the XFS > Two security flaws have recently been discovered in XFree86, and the > Debian Security Team has been in contact with me about them. Their > MITRE CVE candidate IDs are CAN-2004-0083 and CAN-2004-0084. The former > was embargoed until 11 February, but since David Dawes committed a fix > for -0083 to XFree86 CVS yesterday, that one is public. The other one > is not yet, and is embargoed until 18 February. > > This will necessitate another security update for woody (4.1.0-16woody3) > and updates to testing/unstable. [SNIP] > It may be that it makes sense to go ahead and release 4.3.0-1 to > unstable even knowing that CAN-2004-0084 will have to be subsequently > fixed, or the embargo may been mooted by third-party action. > > I'd appreciate feedback on this release plan. Of course the security update for woody is a must. I would suggest to upload another 4.2 with both the security fixes and as soon it hits testing go for 4.3. Right now we are sure 4.2 can flow in a few days. 4.3 might not, leaving testing exposed (NOTE: I didn't check the severity of these 2 security problems) but yes you are right.. it's tempting.. :-) > I would also like to hear > from people who would like to join me in the Uploaders: field of the > xfree86 package. Just start with you :-) we can always add ourself later ;) seriously.. it shouldn't matter. Fabio -- <user> fajita: step one <fajita> Whatever the problem, step one is always to look in the error log. <user> fajita: step two <fajita> When in danger or in doubt, step two is to scream and shout.
