-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 7 Jan 2007 06:53:48 +0100
Source: gallery2
Binary: gallery2
Architecture: source
Version: 2.0.2-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Michael C. Schultheiss <[EMAIL PROTECTED]>
Changed-By: Stefan Poty

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1219
--
security hole in 2.0.2/2.0.3
https://launchpad.net/bugs/35528
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Security review notified, waiting for approval.
** Changed in: gallery2 (Ubuntu Dapper)
Status: In Progress => Fix Committed
--
Debdiff with updated manifest file as well... btw.: it's not md5sums,
but rather crc32.
** Attachment added: "gallery2_2.0.2-1_to_2.0.2-1ubuntu0.1_final.debdiff"
http://librarian.launchpad.net/5621520/gallery2_2.0.2-1_to_2.0.2-1ubuntu0.1_final.debdiff
--
The above debdiff is the minimal code changes needed for the upgrade.
However I still need to test the changes (maybe I'll need to recreate
the manifest files containing md5sums as well).
--
** Changed in: gallery2 (Ubuntu Dapper)
Assignee: (unassigned) => StefanPotyra
** Changed in: gallery2 (Ubuntu Dapper)
Status: Unconfirmed => In Progress
** Attachment added: "debdiff 2.0.2-1_to_2.0.2-1ubuntu0.1"
http://librarian.launchpad.net/5621346/gallery2_2.0.2-1_to_2.0.2-1u
** Changed in: gallery2 (Ubuntu)
Assignee: (unassigned) => StefanPotyra
--
Anyone from motu-swat working on the dapper one yet? If so, please make
yourself assignee.
If not, I'll look into getting dapper fixed probably this night.
--
Rejecting from breezy, gallery2 was never in breezy.
** Changed in: gallery2 (Ubuntu Breezy)
Status: Unconfirmed => Rejected
--
Well, for security issues that are remotely exploitable I'd say yes. If
someone prepares fixed packages or requests backports (just open a
dapper-backports task on this bug) the bug can be closed.
--
OK resetting to confirmed. No, it was not an 'easy' fix because Edgy
has a much newer release of gallery2. If the rationale for leaving bugs
open is 'fixed in all distros' will we ever close most of these bugs?
Thanks.
** Changed in: gallery2 (Ubuntu)
Status: Fix Released => Confirmed
--
> So what I should be doing, if I understand the two channels correctly,
> and if the bug is severe enough, is to add a dapper-security task to
> this bug. Is that correct?
Actually, I would not consider this bug 'fix released' without a fix in
all supported distros. But since the package is in un

Hrm. Let me clarify the terminology a bit, then:
* dapper-backports: something that I as a dapper user assume is optional to
subscribe to, and which if subscribed to, gives me new features, etc.
* dapper-security: something that I as a dapper user assume is effectively
mandatory to subscribe to,

> I don't know what Dapper's security policy is, so I can't be specific,
> but wouldn't a potential remote exploit pretty much automatically
> qualify for a backport?
A backport requires that the source package builds without modification
on dapper. If that's not the case, a fixed package will ne

I don't know what Dapper's security policy is, so I can't be specific,
but wouldn't a potential remote exploit pretty much automatically
qualify for a backport?
(And isn't the point of all this malone complexity to handle the
distinction between dapper and edgy, so that opening another bug is not

Fixed in Edgy. If you feel that this is severe enough, please file a
new bug requesting a backport for Dapper. Thank you.
** Changed in: gallery2 (Ubuntu)
Status: Confirmed => Fix Released