[Secure-testing-commits] r7545 - data/CVE
Nico Golde
debian-secure-testing+ml at ngolde.de
Fri Dec 7 17:20:12 UTC 2007
Hi Dominic,
* Dominic Hargreaves <dom at earth.li> [2007-12-07 17:59]:
> On Fri, Dec 07, 2007 at 05:35:06PM +0100, Nico Golde wrote:
[...]
> > Please read the narrative_introduction before commiting to
> > the svn, please. sarge entries need a sarge tag.
>
> D'oh, apologies. Missed that point. I think a lot's changed since I
> last committed.
Just have a look into doc/narrative_introduction, this
should help you. Feel free to ask for any unanswered
questions.
> > > + - e2fsprogs 1.39+1.40-WIP-2006.11.14+dfsg-2
> >
> > Where did you get this information from?
> > From what I can see the fix by Novell (namely
> > e2fsprogs-VUL0_integer_overflow.patch from what I can see)
> > is not fixed in unstable.
>
> Oh dear, that was supposed to indicated that the package was vulnerable,
The tracker tracks if the versions in the distributions are
lower than the one which is marked as fixed so this does not
work, there is no fixed version yet (apart from etch).
> but that's duplicating information from the DSA data in any case.
> so, how about:
>
> [sarge] - e2fsprogs <unfixed>
> - e2fsprogs <unfixed>
>
> As the two lines for this?
Have a look at my commit, this added this item for unstable.
It will be automatically marked as fixed for etch by the
auto-update from joey because there is an entry in DSA/list
for this.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20071207/b5766a8f/attachment-0001.pgp
More information about the Secure-testing-commits
mailing list