If the package is available in the stable release of Debian, you should contact the security team, report to them the full details and include the appropriate fix.
If the bug is only in the unreleased unstable/testing version, the security team will not handle it. You should report to the maintainer; you could send mail to <package>@packages.debian.org to try to reach the current maintainer. Note that if the package is marked with the maintainer as QA group, it will be an open mailing list. You can find the maintainer e-mail at the bugs page at: http://bugs.debian.org/<package>

If you need further help we can discuss more details in private. I'm a Debian maintainer myself and if the change warrants it I can do an NMU (Non Maintainer Upload).

Baruch

* Noam Rathaus <[EMAIL PROTECTED]> [040517 18:34]:
> Hi,
>
> I wanted to consult the community regarding this issue I have:
>
> I have found a security vulnerability in one of Debian's unstable currently
> un-maintained package, which appears to not exist in the latest version of
> the product (if you compile it from the source code provided by the author).
>
> I am not quite sure who I would contact in such a case, as the product appears
> to be un-maintained by Debian, and no email contact is available for that
> package.